AI-fueled automation helps ransomware-as-a-service groups stand out from the crowd
Category: Threat Alerts / Malware & Ransomware
ReliaQuest reports that RaaS operators increasingly bundle AI‑powered tooling for affiliates, shrinking breakout time from 48 minutes in 2024 to ~18 minutes in mid‑2025. LockBit and DragonForce are gaining share with automation that kills security processes and optimizes payloads, while Medusa is declining. Only ~50% of groups offer full AI capabilities, but the trend is accelerating.
CORTEX Protocol Intelligence Assessment
Business Impact: Faster affiliate operations drive rapid lateral movement and quicker encryption/exfiltration.
Technical Context: AI supports AV evasion, automated privilege escalation, and scaled extortion operations.
Strategic Intelligence Guidance
- Harden identity (MFA, PAM) and monitor service accounts.
- Use SOAR to auto‑isolate high‑fidelity ransomware detections.
- Deploy SMB/AD behavioral analytics to detect staging.
- Continuously test egress controls and backup resilience.
Intelligence Source: AI-fueled automation helps ransomware-as-a-service groups stand out from the crowd | Cybersecurity Dive | Oct 22, 2025