Dive Brief:
- The vast majority of ransomware-as-a-service groups are using AI-powered tools, which are “almost certainly increasing the speed of ransomware attacks,” the security firm ReliaQuest said in a report published on Tuesday.
- One sign that automation is making a difference: Attackers’ breakout time — the measure of how long it took them to go from initial access to compromising other devices — dropped from 48 minutes in 2024 to 18 minutes in the middle of 2025, the company said.
- RaaS groups are offering AI-powered tools such as antivirus detection and “features to automatically kill software that prevents ransomware execution,” according to the report.
Dive Insight:
Security research has been split over how much AI is changing the threat landscape, but ReliaQuest’s report offers new evidence that AI-fueled automation is helping hackers move more quickly. Its findings about RaaS groups also suggest that AI tools are helping these groups improve the appeal of their offerings.
AI has helped some RaaS groups stand out from the pack and gain an edge over their competitors, the report suggests. The infamous LockBit group, which has been struggling to rebuild its operations and prestige following law-enforcement take-down operations, is “fully embracing” the RaaS model with “many advanced capabilities” that are likely to attract more affiliates and help it rebuild its ranks. On the other hand, the well-known Medusa cybercrime group is on the decline, with fewer victims appearing on its data-leak site every month and no offers of automation tools for its affiliates.
Other groups are growing in prominence, including a collective called “The Gentlemen” that cyber experts first spotted in September and is already offering automation tools to its affiliates. “Its advanced capabilities … have likely driven its success, naming more than 30 organizations on its data-leak site in its first month alone,” the researchers wrote. Advanced tools have also helped the DragonForce group build its brand and double its victim count in 2025 compared with 2024.
Still, this evolution is in its early stages: Only 50% of RaaS groups offer AI-powered capabilities to their affiliates, according to the report.
“Fewer than half of the RaaS groups analyzed can provide the complete trifecta of capabilities needed to attract the elite talent that is most likely to compromise heavily defended organizations and secure large extortion payments,” ReliaQuest researchers wrote.
