AI-generated Ransomware Attacks are on the Rise

AI is powering 80% of ransomware attacks, making them more sophisticated and threatening small businesses with closure. Defense requires multi-layered AI security including automated hygiene, autonomous systems, and augmented oversight.
Published on October 20, 2025
Stephen DeAngelis
A serial entrepreneur, technology pioneer, and thought leader exploring the future of business, AI, and global affairs.

By Stephen DeAngelis

One of the great scourges of the computer age is the ransomware attack. There are several different types of ransomware attacks and they are constantly evolving. However, a ransomware attack that takes control of an organization’s computer so that criminals can extort businesses is particularly popular and disruptive. Supply chain journalist Robert J. Bowman notes, “No industry or organization, public or private, seems immune. And many end up paying millions of dollars in ransom to have their computer systems restored.”[1] Ransomware has been around for a few years; nevertheless, the problem is growing. Journalist Dell Cameron reports, “Despite years-worth of efforts to eliminate the scourge of ransomware targeting schools, hospitals, and critical infrastructure worldwide, experts are warning that the crisis is only heating up.”[2] Adding heat to the fire are emerging types of artificial intelligence (AI) that can generate even more effective attacks.

AI-generated Ransomware

Cybersecurity journalists Lily Hay Newman and Matt Burgess report, “As cybercrime surges around the world, new research increasingly shows that ransomware is evolving as a result of widely available generative AI tools. In some cases, attackers are using AI to draft more intimidating and coercive ransom notes and conduct more effective extortion attacks. But cybercriminals’ use of generative AI is rapidly becoming more sophisticated.”[3] One ransomware attack reportedly threatened, “We know where your CEO lives.” Newman and Burgess report that large language models (LLMs) are now being used to generate attacks. They write, “Ransomware criminals have recently been identified using Anthropic’s large language model Claude and its coding-specific model, Claude Code, in the ransomware development process.” The bottom line, according to Newman and Burgess, is: “Generative AI is pushing cybercrime forward and making it easier for attackers — even those who don’t have technical skills or ransomware experience — to execute such attacks.”

Anton Cherepanov and Peter Strycek, malware researchers at ESET, told Wired Magazine, “Deploying AI-assisted ransomware presents certain challenges, primarily due to the large size of AI models and their high computational requirements. However, it’s possible that cybercriminals will find ways to bypass these limitations. As for development, it is almost certain that threat actors are actively exploring this area, and we are likely to see more attempts to create increasingly sophisticated threats.”[4] According to Zach Church, a communications director at MIT, AI is already being extensively used for ransomware attacks. He reports, “New research from Cybersecurity at MIT Sloan and Safe Security examined 2,800 ransomware attacks and found that 80% of them were powered by artificial intelligence. AI is being used to create malware, phishing campaigns, and deepfake-driven social engineering, such as fake customer service calls. Large language models are being employed to generate code and phishing content. There is also AI-enabled password cracking, CAPTCHA bypass, and more.”[5]

The fact that ransomware attacks are becoming easier to generate and more difficult to defend against is bad news — especially for smaller enterprises. Business correspondent Melissa Angell explains, “Most small businesses wouldn’t survive a week after getting hit by a ransomware attack. New research from CyberCatch, a San Diego-based cybersecurity platform provider, shows that 75 percent of small- and midsize businesses would be forced to close shop if a bad actor demanded a ransom not to infect their systems with malware. It’s not just the ransom’s dollar amount that can push a business over the edge, it’s the complete disruption to operations that ensues when an organization must navigate an attack.”[6]

Meeting the Challenge

Freelance writer Matthew Gault believes most businesses are ill-prepared to confront the challenge ahead. He explains, “In the near future one hacker may be able to unleash 20 zero-day attacks on different systems across the world all at once. Polymorphic malware could rampage across a codebase, using a bespoke generative AI system to rewrite itself as it learns and adapts. Armies of script kiddies could use purpose-built LLMs to unleash a torrent of malicious code at the push of a button.”[7] What can your organization do to be better prepared to meet the threat? Researchers from MIT suggest “that a comprehensive approach to combating AI-enabled threats consists of three types of defense, all of which are essential.”[8] They are:

1) Automated Security Hygiene. “Automated security hygiene, such as self-healing software code, self-patching systems, continuous attack surface management, zero-trust-based architecture, and self-driving trustworthy networks, [are essential]. Automating these routine tasks reduces manual workloads while strengthening protection against attacks that target core system vulnerabilities.”

2) Autonomous and Deceptive Defense Systems. “Autonomous and deceptive defense systems, which use analytics, machine learning, and real-time data collection to learn from, identify, and counteract threats, [are also necessary]. Examples include simultaneously automated moving-target defense, and deceptive tactics and information. Both types of systems enable teams to take a proactive approach to defense, rather than getting stuck in reactive mode.”

3) Augmented Oversight. “Augmented oversight and reporting, which give executives real-time data-driven insights, [can also help]. For example, automated risk analysis uses AI to spot emerging threats and predict how they might impact an organization.”

Subo Guha, senior vice president of product management at Stellar Cyber, agrees with this multi-layered approach. He explains, “[Organizations] can implement multiple layers of AI to their security tools to bolster defenses and ensure that both sides of the house are protected. … AI is a powerful ally in the cybersecurity arsenal. Enterprises have been embedding AI into their defensive strategies, transforming threat detection, [as well as] response and prevention. … AI-powered systems can quickly analyze and learn from massive IT/OT network traffic, user behavior and threat intelligence datasets. AI and ML can quickly identify anomalous patterns and indicators of compromise (IOCs) that would otherwise go unnoticed. Machine-learning models identify deviations from normal network behavior, detecting potential zero-day attacks, ransomware, insider threats and lateral movement.”[9] 

Concluding Thoughts

Newman and Burgess report, “Over the last decade, ransomware has proven an intractable problem. Attackers have become increasingly ruthless and innovative so victims will keep paying out. By some estimates, the number of ransomware attacks hit record highs at the start of 2025, and criminals continue to make hundreds of millions of dollars per year.” With so much money at stake, ransomware and other cyberattacks can’t be ignored. As Guha explains, “The rise of AI and the corresponding rise in security threats are no coincidence. … [AI can] arm adversaries with sophisticated new tools that threaten the safety and security of data and systems.” On the other hand, he notes, “The multi-layered AI approach to network detection and response adds significant material speed, scale and efficiency to SecOps environments, regardless of size and scope. Autonomous SOCs free human security professionals to take on more complex tasks such as threat hunting, AI research and investigation.”

Footnotes

[1] Robert J. Bowman, “The Scourge of Ransomware: Another Kind of Epidemic,” SupplyChainBrain, 18 October 2021.

[2] Dell Cameron, “Security News This Week: Ransomware Attacks Are Getting Worse,” Wired, 15 June 2024.

[3] Lily Hay Newman and Matt Burgess, “The Era of AI-Generated Ransomware Has Arrived,” Wired, 27 August 2025.

[4] Ibid.

[5] Zach Church, “80% of ransomware attacks now use artificial intelligence,” MIT Sloan Management School, 8 September 2025.

[6] Melissa Angell, “Most Businesses Don’t Survive Ransomware Attacks. What to Do in the Aftermath to Soften the Blow,” Inc., 25 April 2022.

[7] Matthew Gault, “The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare,” Wired, 4 June 2025.

[8] Church, op. cit.

[9] Subo Guha, “The Best Defense Against AI Cyberattacks? AI,” Industry Week, 8 September 2025.
