Artificial intelligence and cryptocurrency are among the new technologies being leveraged by threat actors to bolster ransomware threats, according to the “Ransomware Threat Outlook 2025 to 2027” report published by the Canadian Centre for Cyber Security.
Generative AI developments like large language models are being leveraged in different ransomware attack stages, such as in malware development, deepfake generation, automated negotiations with victims, vulnerability research, and the execution of social engineering strategies.
Meanwhile, the anonymity in cryptocurrency as a financial asset has created an opening for ransomware actors who are hiding from law enforcement and regulators. The global reach of cryptocurrency has also enabled cybercriminals to extend the scope of their activities, complicating law enforcement investigation.
The Financial Transactions and Reports Analysis Centre of Canada said in 2023 that the movement of profits from fraud and ransomware attacks was the most widespread money laundering measure involving virtual currency.
“Ransomware is big business. At a time when cybercriminals continue to target Canadian businesses, critical infrastructure, and government systems, education on this threat has never been more important. As ransomware evolves, fueled by emerging technologies like artificial intelligence,” said Rajiv Gupta, Canadian Centre for Cyber Security head, in a statement.
The report outlined four key findings:
- Ransomware as a threat is increasing and rapidly evolving with threat actors applying sophisticated cybercrime tactics
- Threat actors are adapting to digital landscape changes and crafting extortion tactics that will bolster financial reward
- Organizations must implement basic cyber hygiene in self-defence
- Private organizations must collaborate with law enforcement, government agencies, and the public in addressing ransomware threats
From 2023 to 2024, the number of ransomware incidents in Canada increased; the Canadian Centre for Cyber Security attributed this to RaaS reducing technical barriers to entry for threat actors and enabling the use of sophisticated tactics, techniques, and procedures. It listed RaaS group Akira, ransomware group Play, and RaaS group Medusa as the three leading ransomware threats to Canada for that year.
The report indicated that ransomware will continue to be a major threat to Canada in the next two years; thus, organizations must implement practices like cybersecurity training and education for employees, conduct regular backups, enable automatic updates, and adopt security tools.
The “Ransomware Threat Outlook 2025 to 2027” report builds on the Canadian Centre for Cyber Security's 2023 report “(Cyber Centre) Baseline cyber threat assessment: Cybercrime.” The centre is Canada’s technical and operational authority on cybersecurity, collaborating with federal government departments, critical infrastructure, Canadian businesses, and international partners to address cyber events.