What the ransom note won't say

The report argues that modern ransomware functions as an industry — a franchise-like RaaS ecosystem with specialized roles (affiliates, initial access brokers, anti-EDR tool vendors) — and uses a BlackCat affiliate dispute over the Change Healthcare ransom as a case study. It highlights increased ransomware activity (ESET detections up, Verizon DBIR showing ransomware in a larger share of breaches), the rise of EDR-killers (BYOVD) and subscription obfuscation services, rapid adaptation aided by AI, and recommends defenders map active groups, tools, and supply-chain exposures rather than treating incidents as isolated break-ins.