So monero operates like a tunnel, if you're in the tunnel you're hidden but they can see when you enter or leave the tunnel.

Monero can't protect you from stupidity, that's why best way is to avoid KYC, and immediately liquidating.

Practice good opsec, and you'll be fine..

Don't ask for $18 million in Monero for ransomware then automatically swap it into BTC, and sell it to a KYC exchange.

Maybe ask for $18 million in monero, swap like a $1,000 of it, try a kyc free exchange but if need be use a kyc exchange but make your transaction less suspicious.