Ransomware groups have become increasingly sophisticated, leveraging ransomware-as-a-service models and double extortion tactics to wreak havoc on organizations. The takedown of prominent groups like LockBit has led to a more fragmented marketplace, with new players emerging to fill the void. Nation-state actors, lone operators, and data theft extortion groups are among the diverse range of attackers, often using stealth and evasion techniques to stay under the radar. The use of AI is also becoming more prevalent, further complicating the threat landscape. With financially motivated groups adopting advanced tactics, the implications extend beyond the immediate target, taking on geopolitical significance1. This shift raises the stakes for practitioners, who must now consider the potential for state-aligned threat activity when assessing and mitigating ransomware risks.