Ransomware-as-a-service is thriving. A sprawling enterprise of initial access brokers, buyers, sellers, and other affiliates and third parties now feed the dark web with ransomware kits that are tailor-made to get past company defenses. Smart use of social engineering, combined with malicious AI-generated code and clever exploits of legitimate software, have rendered the most recent attacks nearly invisible to standard detection systems. In addition to encryption, now adversaries are conducting double, triple, or even quadruple-extortion campaigns that exert maximum pressure on victims and their business partners to comply.
So how are organizations navigating this volatile landscape? In this latest survey report, CRA Business Intelligence looks at how cybersecurity practitioners are revisiting their ransomware defenses and strategies — and whether they believe these methods are sustainable in the months ahead. We also look at how recent developments (like the addition of AI and novel threat actors) introduce new risks and what organizations are doing to stay ahead of the threat.