IT security practitioners spend a lot of time strategizing ransomware defense, but many know little about the criminals plotting attacks. Who is the person behind a devastating ransomware campaign? Why did they choose a specific target? What about cybercrime appeals to them?

To better understand the attacker’s perspective, Cisco Talos researchers interviewed a LockBit ransomware operator. Their interaction, as with many in the security world, began on Twitter. This operator, who would not share his name but is referred to as “Aleks,” tagged a member of the Talos team in a tweet promoting his compromise of a Latin American financial institution.