Inside the AI-enabled 'RaaS' engine powering today’s ransomware surge

Ransomware has gone from a one-off hustle to a full-blown industry. Thanks to Ransomware-as-a-Service (RaaS), anyone with bad intentions and a bit of cash can launch a full-scale cyberattack. It’s cybercrime in a box—fast, scalable, and and ripping through every industry with brutal efficiency.

Paul Bischoff, Editor at Comparitech, has been tracking ransomware’s evolution for years. As a recognized expert on online privacy and cybersecurity, he calls RaaS the driving force behind today’s surge.

Rise of RaaS: "The emphasis should be on ransomware-as-a-service in particular. It's the big push behind this," says Bischoff. The model has become the go-to method for launching attacks, giving even low-level criminals access to powerful tools and turnkey support. RaaS platforms are multiplying fast, with many offering profit-sharing deals that accelerate the rise of new ransomware crews.

Extortion at scale: That accessibility is what makes RaaS so dangerous. "Probably half the big ransomware groups are doing RaaS models now," Bischoff notes. This "franchise effect" drives up attack volume, "because other people are launching the attacks for them," Bischoff explains. The result is scale without limits, and chaos outsourced on demand.

AI hits the gas: While RaaS drives the surge, AI gives it a boost. "AI helps write cleaner copy for phishing emails," Bischoff says. "It can also help write malware to a certain extent, so it may speed up the development of malware." Generative AI is increasingly used to craft convincing spear-phishing campaigns and automate social engineering, resulting in faster, more targeted, and harder-to-detect attacks.

Back with a vengeance: Ransomware is roaring back. "Cybercrime in general had a huge boost during the pandemic, then it kind of tapered off—and now it’s coming back again," says Bischoff. The cost for businesses is steep. "Every industry is affected," Bischoff says, with damage spanning ransom payments, downtime, data loss, legal fees, and identity theft protections for customers and staff.

Lips are sealed: One of the biggest obstacles to defense is the lack of information-sharing. "There’s not enough threat intelligence out there," Bischoff says. "We’re not sharing enough information about these attacks with each other, and it’s to our detriment." He’s seen it time and again—companies go silent after an attack, refusing to share even basic details. Driven by fear of bad press or legal fallout, this silence leaves others in the dark and makes collective defense nearly impossible.

Back to basics: When it comes to defense, Bischoff sticks to the fundamentals. "Do phishing simulations with your employees. I know they hate them, but do them anyway," he says. "Make frequent backups, keep your software updated." His warning is blunt: "You only have to get it wrong once for everything to suddenly be out there." Manufacturing, in particular, is feeling the heat, with a growing number of ransomware reports tied to the sector.

Spreading like weeds: The ransomware ecosystem is nothing if not adaptive. "We have a lot of malware groups that are spin-offs of previous malware groups," Bischoff explains. "They spring up like weeds. You rip one out and more show up in its place. Same strain, just with a different paint job." That resilience—amplified by the RaaS model—keeps ransomware a stubborn, fast-evolving threat.