Report: GenAI Lowers Bar for Ransomware Attacks

- The Securin 2025 Ransomware Report analyzed 7,061 confirmed ransomware victims across 117 threat groups. It found that just three groups—Qilin, Akira, and CL0P—were responsible for almost 30% of all incidents. - For the first time, commercial facilities were the most targeted sector, representing 14.1% of all victims, indicating a shift towards disrupting daily life and business operations for immediate financial leverage. - Generative AI is significantly enhancing social engineering tactics; a reported 1,265% increase in AI-powered phishing attempts has been observed. These tools can create flawless, context-aware emails that mimic a person's writing style, making them much harder to detect than traditional phishing messages. - Attackers are using AI for "polymorphic" malware, which constantly modifies its own code to evade signature-based detection tools used by many antivirus programs. Some emerging malware can even generate its attack logic at runtime, allowing it to adapt to the specific environment it has infiltrated. - AI is being used to automate ransom negotiations through chatbots, which can operate 24/7, handle multiple languages, and apply scripted psychological pressure on victims to pay. This allows human operators to focus on the most profitable cases. - The window from initial compromise to ransom demand is shrinking dramatically due to AI. AI-assisted campaigns can compress attack timelines from weeks to just a few days or even hours. - Threat actors are weaponizing deepfakes for identity deception. AI-generated audio and video can be used to impersonate executives or IT staff to authorize fraudulent payments or gain system access. - The rise of AI has enhanced the "Ransomware-as-a-Service" (RaaS) model, where less-skilled criminals can "subscribe" to attack platforms. AI automates processes like target selection and attack customization, making sophisticated attacks more accessible.