AI is rewriting the ransomware playbook - can businesses keep up?
AI-driven ransomware evolves, empowering criminals with automation, precision, and sophistication

Ransomware has always been an evolving threat, as criminal gangs experiment with new tactics to terrorize their victims and gain maximum leverage for making extortion demands. Weaponized AI is the latest addition to the arsenal, enabling high-level groups to launch more advanced attacks and opening the door for novice hackers. The NCSC has warned that AI is increasing the global threat posed by ransomware, and there has also been a reported increase in AI-powered phishing attacks.
Organizations now face increased threats from more sophisticated attacks, such as polymorphic malware that can mutate in real time to evade detection, enabling groups to strike with more accuracy and frequency.
As AI continues to rewrite the rules of ransomware attacks, organizations still relying on traditional defenses are at greater risk of falling victim to this next generation of cyber attacks.
CEO and Founder of BlackFog.
How AI is making ransomware more accessible
Cybercriminals, like legitimate businesses, are finding new ways to use AI tools and this is making ransomware attacks more accessible and scalable. By automating critical attack processes, cybercriminals can launch faster, more sophisticated campaigns while minimizing human effort.
There are benefits for established and experienced criminal gangs which can now increase the scale of their operations. At the same time, because AI is lowering the barriers for entry, those with less technical expertise can access ransomware as a service (RaaS) to launch advanced attacks at a level that would normally be above their pay grade.
OpenAI, the company behind ChatGPT, confirmed it has detected and disrupted more than 20 operations using its popular generative AI tool for malicious activity. This ranged from writing copy for targeted phishing campaigns to directly coding and debugging malware.
The group known as FunkSec - a RaaS provider - is a recent example of how these tools are elevating the capabilities of criminal groups. It’s believed the gang only has a handful of members, and their human-created code has been fairly simplistic, with a very basic level of English.
However, since emerging in late 2024, FunkSec racked up more than 80 reported victims within a single month, with various AI tools helping them punch well above their weight.
Investigations have found signs of AI-generated code within the ransomware used by the gang alongside web and ransom copy clearly written by a Large Language Model (LLM). The group also used a generative AI tool called Miniapps to create a chatbot to support their operations.
AI-powered attacks are more precise and powerful
AI tools also enable attackers to research their victims and create targeted phishing campaigns far more efficiently. Malicious activity is easy to disguise as legitimate sales and marketing emails, enabling cybercriminals to slip past attempts by LLMs to block illegal and unethical activity. Some criminal groups are also starting to use LLM-powered chatbots to handle ransom negotiations. As these malicious models learn from experience, we may see more aggressive and effective psychological tactics ahead.
One of the most significant concerns is that attackers can create more sophisticated ransomware that moves faster, hits harder, and is designed to evade detection.
An example of this is polymorphic malware, which is programmed to automatically modify code each time the malware replicates or infects a new system and uses obfuscation and encryption to hide malicious payloads. This makes it extremely difficult for traditional signature-based detection tools to identify an active attack.
Polymorphic malware, such as Storm Worm, has been around for some time, but the AI revolution of the last two years has made it easier to create and deploy. Polymorphic ransomware is especially dangerous, since attacks cause more damage the longer they can evade detection.
How can businesses defend against AI-driven ransomware?
With AI powering up ransomware gangs, businesses must evolve their defenses to stay protected. Traditional security tools alone are no longer enough, and organizations need to match their fast-moving adversaries with their own adaptive, AI-driven strategies to keep up.
One crucial step is considering how to fight AI with AI. Advanced AI-driven detection and response solutions can analyze behavioral patterns in real time, spotting anomalies that traditional signature-based tools might miss. This is essential for countering tactics like polymorphism that have been specifically developed to evade standard detection tools. Continuous network monitoring adds another layer of defense, helping to detect suspicious activity before ransomware can activate and spread.
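An added illustration (not from the original article or any vendor product) of why a hash signature misses a mutated build while a behavioural rule still fires. The event format, process names and thresholds are assumptions, and the telemetry is constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed blocklist: the digest of one previously seen build only.
KNOWN_BAD = {hashlib.sha256(b"variant-A").hexdigest()}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted output approaches 8.0, plain text stays far lower."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def signature_hits(events):
    """Processes whose image hash is on the blocklist (signature-style check)."""
    return {e["proc"] for e in events if e["image_sha256"] in KNOWN_BAD}

def behaviour_hits(events, min_files=20, min_entropy=7.0):
    """Processes that write high-entropy data to many distinct files."""
    files = defaultdict(set)
    for e in events:
        if e["op"] == "write" and shannon_entropy(e["data"]) >= min_entropy:
            files[e["proc"]].add(e["path"])
    return {p for p, paths in files.items() if len(paths) >= min_files}

def make_events():
    """Constructed telemetry: two mutated builds of one family plus a benign editor."""
    cipher_like = bytes(range(256))             # uniform bytes, entropy 8.0
    text_like = b"quarterly report text " * 12  # ordinary document content
    events = []
    for proc, image in (("pid-101", b"variant-A"), ("pid-202", b"variant-B")):
        digest = hashlib.sha256(image).hexdigest()  # differs per build
        for i in range(25):
            events.append({"proc": proc, "image_sha256": digest, "op": "write",
                           "path": f"/data/doc{i}.docx", "data": cipher_like})
    digest = hashlib.sha256(b"editor").hexdigest()
    for i in range(25):
        events.append({"proc": "pid-303", "image_sha256": digest, "op": "write",
                       "path": f"/data/note{i}.txt", "data": text_like})
    return events

if __name__ == "__main__":
    ev = make_events()
    print("signature:", sorted(signature_hits(ev)))
    print("behaviour:", sorted(behaviour_hits(ev)))
```

Compressed formats are also high-entropy, so a rule like this is normally combined with other signals (rename bursts, shadow-copy deletion, process lineage) before it blocks anything.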
Beyond detection, AI-powered solutions are also important for preventing data exfiltration, as modern ransomware gangs almost always rely on data theft to pressure their victims. Our research found that 94% of reported ransomware attacks in 2024 involved exfiltration, underlining the need for Anti Data Exfiltration (ADX) solutions to be part of a layered security strategy. By blocking unauthorized data transfers, organizations can shut down extortion attempts, leaving attackers with no choice but to move on.
While advanced tools are essential for keeping up, it’s important not to neglect the fundamentals - at the foundation of a strong defense lies basic cybersecurity hygiene. Many attacks exploit simple security gaps, so businesses must patch vulnerabilities quickly and adopt Zero Trust security principles, enforcing MFA and least privilege access to limit lateral movement.
Facing the future of ransomware
AI is transforming ransomware into a more targeted threat that moves faster and is better at evading defenses. These increasingly efficient, scalable, and sophisticated ransomware campaigns are making businesses more vulnerable than ever.
But while cybercriminals evolve quickly, so can defenders. Although AI tools are rewriting many of the ransomware rules, the fundamentals of defense remain the same. Businesses need to anticipate AI-powered tactics and strengthen their defenses to match. Companies that can detect and stop incoming attacks and prevent attackers from accessing and exfiltrating their data will present hardened targets that disrupt the ransomware business model.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro