When is a LockBit ransomware attack not actually a LockBit attack? Cyber defenders are reporting a profusion of attacks involving stolen or reused strains of ransomware.

Blame a variety of factors, including law enforcement crackdowns on big-name brands, evolving ransomware business models and at least one case of a ransomware group leader with poor people skills.

“Think of ransomware as something that models and mimics legitimate corporate businesses,” Yelisey Bohuslavskiy, chief research officer at Red Sense, said in an interview at Black Hat in Las Vegas this month. Just as startups will learn and evolve, so too do ransomware groups.