by strictnein
3061 days ago

Work in a SOC as part of a well-funded security org at a Fortune 50. A company's SOC ideally isn't in the business of reporting crimes, unless they're dealing with a very serious threat actor. In that case, we may notify the feds, but we'll also notify others in our line of business, including direct competitors. Sharing intelligence will help you long term. Trying to get the feds to crack down on a criminal gang operating from eastern Europe won't do much. Machines that are compromised are isolated, analyzed to pull out indicators of compromise and intel about the methods used, and then nuked and disposed of. There's nothing left to even turn over to a criminal investigation, let alone anyone who wants the machines to begin with.