Ransomware's old rules are breaking down. AI is accelerating the chaos.
Ransomware negotiators used to know who they were dealing with. They understood the threat actors' track records and could reasonably predict whether a victim would recover their data after paying. That predictability is gone.
The shift stems from economics, not the emergence of cybercrime itself. AI has become the accelerant, according to Patrick Bourk, vice president of cyber and professional lines at Navacord.
"I really see this as very much a tool of unbridled efficiency," Bourk said. "It makes things go really fast."
For legitimate businesses, efficiency means faster workflows and lower costs. For threat actors, it means something more dangerous: the ability to experiment at scale without regulatory guardrails or accountability.
The barrier to entry has collapsed
Ransomware as a service has fundamentally changed who can launch a cyberattack. Threat actors now sell access to vulnerabilities on the dark web, letting anyone purchase the tools to exploit them and pay a commission.
The result is a flood of inexperienced operators into a space that once required genuine technical skill. "The tools are easy to use," Bourk said. "In theory, anybody can figure out how to do this."
A new class of threat actor has emerged: hobbyists who purchase access to vulnerabilities they don't fully understand. They attempt attacks they aren't equipped to execute properly.
"They end up stealing things, and they feel they've encrypted things, but they don't really know how encryption keys work," Bourk said. "So it's just made it really, really messy."
Chaos spreads beyond criminal networks
For ransomware negotiation firms, the shift has made an already difficult job significantly harder. The old order-defined groups, known tactics, negotiable outcomes-has given way to something far less predictable.
The problem extends beyond criminal operations. During the early stages of the Russia-Ukraine conflict, a Ukrainian member of a Russian-aligned ransomware gang leaked the group's tactics and threat intelligence in protest of the gang's public support for the invasion.
"Everybody thought this was fantastic because you had this Ukrainian freedom fighter exposing the tactics of the bad guy," Bourk said. "Well, unfortunately, all that did was allow for other hobbyist threat actors to see what they're doing and then mimic it."
Bourk describes AI's current state bluntly: "AI is like this annoying teenager. They jump into stuff, they break things, they occasionally lie, and it's got to be contained."
That containment problem is now an operational reality for insurance and security professionals managing cyber risk. AI for Insurance professionals and AI for Cybersecurity Analysts need to understand how these dynamics affect threat assessment, claims processing, and risk modeling.
Your membership also unlocks:
