CompTIA Security+ (SY0-601) — Question 431

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Answer options

• A. Insider threat
• B. Hacktivist
• C. Nation-state
• D. Organized crime

Correct answer: D

Explanation

The correct answer is D, as organized crime groups are often the primary actors behind ransomware-as-a-service, leveraging these services for financial gain. The other options, such as insider threats, hacktivists, and nation-states, do not typically focus on ransomware in a commercial context in the same way that organized crime does.