The Scariest Hackers Don’t Work From Their Basement: Sophos

When it comes to many of the biggest cybercrime threats today, ‘we're talking about a very strong, interconnected criminal organization and network’—not a teenager in a basement, a Sophos executive says.

The cybersecurity cliché of a teenage hacker in a basement is now very much outdated—and even dangerously misleading—given the predominance of sophisticated, well-connected cybercriminal organizations in today’s ransomware scene, according to Sophos executives.

Speaking to an audience of MSP executives Tuesday at XChange August 2025, an event hosted by CRN parent The Channel Company in Denver, Sophos’ Scott Barlow (pictured right) said it’s important to personify the massively disruptive attacks that have impacted so many organizations and their IT teams.

“I want to put a face to the things that you guys deal with every single day—the ransomware, the malware actors,” said Barlow, chief evangelist and global head of community at Sophos. “What do they look like? Who are these people?”

During the XChange August 2025 session, executives from the cybersecurity vendor presented examples of several high-powered men and women who are believed to have played a role in widespread ransomware activities over the past decade.

Cybercriminal groups they’ve been involved with have included Evil Corp and the Business Club, while one of the individuals is believed to have formerly headed a money-laundering organization that proved pivotal to the functioning of cybercrime groups, according to Anthony Booyse (pictured left), senior manager for MDR sales engineering at Sophos.

The individuals have strong ties to the Russian government and have been involved in more than just cybercrime, Booyse said, including “multiple international assassinations on behalf of the Russian state.”

In other words, “this deeply connected hierarchy of criminal organizations goes beyond just the traditional hacker—[a teenager] sitting in a basement, working from ransomware to ransomware to get paid,” he said. “We're talking about a very strong, interconnected criminal organization and network.”

Without a doubt, it’s important for MSPs to recognize who the real attackers are today when it comes to ransomware and other cybercriminal activity, said David Cox, chief security officer at Allen, Texas-based AvTek Solutions.

“We’ve heard for years about the cybercriminal organizations and how they have HR departments and service desks and everything else, but it was always kind of a theory to me,” Cox said. “Putting faces to those roles and responsibilities will resonate with my clients.”

Ultimately, “I think it opens their eyes a little bit more as to how real the threat can be,” he said. “Many of the clients we talk to, they still think it’s a kid in the basement. So to better understand who the criminals really are and how organized they are, and how much of an economy they’ve created for themselves, really is eye-opening.”