Ransomware is on the rise. Again

Ransomware resurges with AI-driven sophistication, challenging defenders and creating opportunities for MSPs

For years, it felt like we were slowly but surely gaining ground in an uphill battle against ransomware. Attack numbers were cooling off, organizations were getting smarter, and defensive tools were maturing.

But, for the first time in years, the momentum has shifted, and not for the better. Researchers are sounding the alarm: ransomware is climbing again, attacks are getting smarter, and adversaries are adopting artificial intelligence (AI) faster than many defenders can keep up.

For channel partners and Managed Service Providers (MSPs), this isn’t just another moment in the news cycle. It’s also an opportunity to educate their customers and provide them with the solutions they need to combat cyber threats more effectively.

Ransomware’s quiet comeback

What’s striking about the latest wave isn’t just the increase in the volume of activity, but how rapidly attackers have evolved. Ransomware groups have regrouped, retooled, and are now operating with a new level of sophistication that we have never seen before in cybersecurity.

Attackers are leaning heavily on automation, AI-generated phishing, and coordinated extortion operations. Phishing appears to have re-emerged as the most reliable doorway in, not because people are less cautious, but because the lures are now much more difficult to distinguish from legitimate communication. AI has given cybercriminals a frightening edge: scale and believability.

The new attack playbook

Phishing remains the most reliable and familiar workhorse for most ransomware crews, but that’s only part of the story. Stolen credentials, session hijacking, and compromised endpoints are playing a bigger role than in previous years.

Ultimately, attackers have concluded that targeting identity and access management tools often yields a far higher payout than hammering at technical vulnerabilities.

Many of these techniques are now automated, meaning small businesses, especially those relying on outdated filtering or inconsistent endpoint practices, are increasingly caught in the crosshairs.

Organizations are clearly hungry for modern defenses to meet these modern challenges, but they often don’t know where to start. Right now, MSPs have an opening to step up their game by offering their customers more advanced identity protection, AI-enhanced email security, and automated phishing-resistance training that puts them ahead of the curve.

The cyber insurance safety net is fraying

Organizations sometimes assume cyber insurance will save them when the worst happens, or that it cuts back on the need for other forms of protection. But that assumption is incorrect.

Recent insights highlight a common theme: policies are getting stricter, premiums are climbing, and insurers are pushing back on payouts when the right controls aren’t in place.

This shift means companies can’t “insure their way out” of ransomware. MSPs are increasingly being asked to help customers weigh the cost-benefit of insurance versus strengthening resilience, and, in many cases, proactive security investments win out. The fact is that companies are increasingly unlikely to qualify for cyber insurance if they do not have robust cybersecurity systems.

Recovery is improving, but not fast enough

Don’t despair: there is some good news. With a few years of experience under their belts, organizations are getting better at detecting and containing attacks quickly. More companies now have dependable and immutable backups, disaster-recovery playbooks, and the confidence to avoid paying ransoms.

But the human side of security hasn’t kept up the pace the way that it needs to. Leaders still underestimate how much risk comes from everyday behaviors. An employee who approves a fake MFA request, a manager who reuses passwords, or an intern who clicks a well-disguised link can set into motion a domino effect of consequences with massive ramifications.

In many cases, training programs exist, but they’re ineffective or outdated. “Check-the-box” security awareness simply can’t compete with AI-powered attacks designed to mimic real people.

This is where MSPs can have an outsized impact, by offering cyber awareness training that’s automated, personalized, ongoing, and tied to tangible threats happening in real time.

Even with the most sophisticated firewalls, human error has a way of resurfacing as the most common source of breaches. In this scenario, expertise and cyber-resilience are more valuable than ever, and MSPs are in a great position to offer access to this.

What this all means for MSPs and channel partners

We’re entering a different era of ransomware in which the quantity and quality of attacks are no longer mutually exclusive. Hackers are creating traps that are more convincing than ever, and they’re doing it at scale.

But it’s also an era where MSPs have more tools, intelligence, and AI capabilities at their disposal to help customers build real resilience. So, what can you do?

For one, MSPs can focus on offering clients expertise in addition to next-gen tools. Providing integrated protection can help to solidify a business’s reputation as a trusted guide in precarious times.

It also falls on MSPs to help client organizations understand what “good security” really looks like beyond the safety blanket of insurance.

Finally, it is up to the MSP to make the most of AI-powered tools and take advantage of their capabilities to detect, prevent, and respond to threats faster than ever.

The resurgence of ransomware isn’t a sign that cybersecurity is failing, only that the threat landscape has shifted. And channel partners who help customers adapt to this new reality have an opportunity not only to better protect their clients, but to establish themselves as authorities in this new domain.

Daniel Blank
Chief operating officer, Hornetsecurity

Daniel Blank has over 15 years of experience selling complex IT products, and 13 years of various managerial positions in the cloud security environment.

Daniel joined Hornetsecurity in 2010 as key account manager, quickly becoming director of sales, and finally assuming the role of COO in 2014.

Today, Daniel is responsible for sales, presales/education, and HR at Hornetsecurity.