Generative AI is making headlines for good reasons, but it’s also giving cybercriminals new tools. Recent research shows attackers are using large language models and code-focused AIs not just to write scarier ransom notes, but to build and sell ransomware itself, lowering the technical barriers and letting less-skilled criminals launch sophisticated attacks.
What Researchers Have Found
Security teams from Anthropic reported that some threat actors have used their models (including coding variants) to develop, package, and even market ransomware. In at least one case the operator relied heavily on AI to implement encryption, evasion, and other components they otherwise couldn’t build alone.
Separate work from ESET described an experimental strain of AI-powered ransomware (referred to as a proof-of-concept) that can generate malicious scripts locally on a compromised machine, inspect files, exfiltrate data, and trigger encryption, all driven by a local large language model (LLM).
Together, these findings indicate a worrying trend: AI is lowering the bar for malware development and enabling “ransomware-as-a-service” offerings that bundle advanced capabilities for sale on cybercrime forums.
How Attackers Are Changing
AI is accelerating multiple parts of the attack lifecycle:
- Development: Models can generate code, bypassing the need for deep programming expertise.
- Targeting & reconnaissance: AI can automate the search for vulnerable systems and craft tailored approaches to gain access.
- Evasion: Generated code can include methods to avoid detection and analysis.
- Extortion: AI-written ransom notes and analysis of exfiltrated data can be used to pressure victims into paying.
Some operators are even selling ransomware tools and services to other criminals in priced tiers, which magnifies the risk because it spreads capability through the underground economy.
How You Can Protect Your Organization
You don’t need to be an IT expert to lower your risk. Your best defense is a strong, layered cybersecurity posture in which people, processes, tools, and culture work together across multiple levels of protection, detection, and response. Focus on these basics:
- Backups: Keep copies of your important data offline and test that you can restore them.
- Updates: Install security updates on computers and servers promptly.
- Passwords & MFA: Use strong, unique passwords and turn on multi-factor authentication everywhere you can.
- 24/7 Monitoring: Have tools or a trusted IT partner watch for suspicious activity around the clock.
- Incident Plan: Know what steps to take if ransomware hits, and practice with your team so everyone is ready.
Generative AI is a powerful technology, but like any powerful tool it can be misused. The recent research from multiple security teams is a reminder that attackers will adopt new capabilities quickly, and defenders must move just as fast to reduce risk.
Contact Aldridge today so that we can help strengthen your cybersecurity and keep you ahead of AI-driven threats. If you don’t yet have a security incident response plan, start today with our free Security Incident Response Plan Template, a quick, ready-to-use guide so your team can act fast when something happens.