From $10 to $30M: Operating in the Data-Extortion Aftermath
Diego Matos
BSidesSF 2026 · Day 1 · AMC IMAX
In his compelling BSides SF talk, "From $10 to $30M: Operating in the Data-Extortion Aftermath," Diego Matos, IBM's Latin American Incident Response Leader, provides a critical examination of the evolving landscape of data extortion. Drawing on over 16 years of experience in both offensive and defensive security, Matos guides the audience through the historical progression of ransomware and extortion tactics, highlighting the increasing sophistication and professionalization of cybercriminal enterprises. The presentation culminates in a detailed case study of a real-world incident where a $10 credential purchase on the dark web escalated into a multi-million dollar data extortion attempt.
AI review
A competent war-story talk with a genuinely useful case study anchoring it — the $10 credential-to-$30M demand arc is clean and the accidental API key leak detail adds credibility. But the surrounding material is mostly well-packaged industry knowledge rather than new insight, and the threat landscape framing (RaaS, quadruple extortion, Conti, LockBit) has been rehashed at every mid-tier con for two years running.