AI-Powered Ransomware Fuels Cybercrime
AI tools enhance ransomware tactics, targeting critical sectors like healthcare, with the U.S. leading detections. Nation-state actors expand global threats.
In a Rush? Here are the Quick Facts!
- RansomHub is the most active ransomware group, responsible for 13% of detections.
- The U.S. leads global ransomware targets, with 41% of Trellix detections focused there.
- Critical sectors like healthcare and education are prime targets for ransomware attacks.
AI-Driven Ransomware Escalates Cyber Threat Landscape Amid Global Conflicts
The rise of AI-based tools tailored for criminal activity is reshaping the cyber threat landscape, as highlighted by recent research from the Trellix Advanced Research Center, as first reported by Help Net Security (HNS).
Global conflicts, such as Russia’s invasion of Ukraine and the Israel-Hamas war, have intensified cyberattacks and hacktivist activities, further complicating an already volatile environment, notes HNS.
AI-powered ransomware tools are a significant development, enabling cybercriminals to adopt more sophisticated tactics.
These tools enhance the spread of ransomware and improve evasion techniques, particularly against endpoint detection and response (EDR) systems.
One such tool, EDRKillShifter, has been employed by the ransomware group RansomHub, which accounted for 13% of Trellix detections, making it the most active group, as reported by HNS.
The ransomware ecosystem has diversified, with smaller groups gaining prominence. LockBit, Play, Akira, and Medusa collectively account for less than 40% of all detected attacks, says HNS.
This decentralization highlights the need for organizations to stay vigilant and adapt their defense strategies. According to John Fokker, Head of Threat Intelligence at Trellix, the surge in generative AI use by cybercriminals presents new challenges.
“The last six months delivered AI advancements, from AI-driven ransomware to AI-assisted vulnerability analysis, evolving criminal strategies, and geopolitical events, which have reshaped the cyber landscape. Resilience planning has never been more important for cybersecurity teams,” Fokker stated, as reported by HNS.
Critical sectors, including healthcare, education, and infrastructure, remain prime targets for ransomware attacks.
In the US, which received 41% of Trellix ransomware detections, these sectors face increasing pressure. The dark web market for AI-driven tools, such as Radar Ransomware-as-a-Service, underscores the growing demand for advanced criminal technologies, says HNS.
Additionally, Trellix reports a sharp rise in activity from nation-state actors, with China-affiliated Mustang Panda responsible for over 12% of advanced persistent threat (APT) activity, reported HNS.
North Korea-aligned group Kimsuky has also doubled its activity, with government, financial, and manufacturing sectors being primary targets.
As cybercrime evolves, organizations must enhance resilience planning and invest in advanced defenses to counter these sophisticated threats.