The Commercialisation of Cybercrime

Category: News
Published: 5^th December 2025

Access our Report

Ransomware-as-a-Service (RaaS)

Ransomware continues to operate as a structured, commercialised ecosystem. RaaS enables fewer technical actors to execute attacks by purchasing access, tools, and infrastructure, while developers maintain profit-sharing arrangements. CrowdStrike and Check Point both report that RaaS activity has reached record levels in 2025, with at least 85 active extortion groups globally.

Multi-Phase Extortion

Double-extortion attacks (an attack involving data theft and system encryption) are now the baseline. Emerging tactics, sometimes referred to as “quadruple extortion,” combine data theft, encryption, leaks, and additional coercive actions. These strategies place significant operational and financial pressure on victims.

Access Brokers and Anonymity

Access brokers act as intermediaries, selling compromised credentials or network access to the highest bidder. This professionalisation of cyber crime complicates attribution, enforcement, and recovery. Coupled with increasingly anonymous cryptocurrency transactions, tracking and prosecuting offenders has become even more difficult.

Ethical and Strategic Implications for Victims

Regulatory and moral questions arise when considering ransom payments. Organisations face difficult choices as paying may restore operations, but it could also be funding illicit activity, while non-payment may increase operational exposure. Board-level discussions must include both technical and ethical considerations so organisations can pick the best course of action.

Download the full Cyber Trends 2026 Report

Get the complete analysis and recommendations in a board-ready PDF.

Read the Report

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
crisp-clientsession/*	6 months	Session ID for existing chat through Crisp chat
li_gc	2 years	No description

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-3109036-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Send a message

Contact details

Social media