Jurgita Lapienytė | AI arms ransomware gangs for historic 2025 haul… 2026 could be worse

2025 was one of the most fruitful years for ransomware gangs yet, as we saw thousands of victims claimed by criminals throughout the year. AI was a big help.

Artificial intelligence may not be orchestrating major cyberattacks on its own just yet. However, it’s making attacks easier to carry out and it’s putting smaller, less protected businesses at even greater risk.

It’s like a mild cold you tend to ignore, but it’s penetrating all your defence systems until you crack and have to deal with pneumonia all of a sudden.

WHAT THE DATA IS TELLING US

Ransomware attacks are on the rise, and this can be seen with the naked eye. In 2024, RansomLooker, which relies on constant monitoring of criminals' data leak sites, recorded 5,189 ransomware attacks. That’s a 24 per cent rise from the year before.

It is important to highlight here that these are only the attacks that criminals brag about, because they are either trying to pressure those victims into paying the ransom or putting big names out there to boost their reputation. The real scope may be much, much bigger.

In 2025, Russia-based Qilin was the most vocal gang, with 776 victims in its basket, and Asahi, the Japanese beer maker, was one of the more prominent targets.

HOW ARE RANSOMWARE GANGS USING AI?

AI-generated malware is a new goodie on the shelves of the dark web – yet another ready-to-use cybercrime tool that makes ransomware attacks easier, and hence more prevalent.

Anthropic discovered that criminals abused its Claude model to generate malware, which they were later selling for US$400–US$1,200 on dark web forums. While not the most sophisticated programmes, they could still perform the most important functions, like evading discovery, encrypting files, employing anti-recovery mechanisms, and they came professionally packaged.

You may need a very sophisticated attack to bring a bank to its knees, if that’s even possible, given how well protected against cyberattacks they are. It’s a different story for others.

Cyber-attackers are increasingly going after small and medium-sized businesses, and they tend to crumble more easily. For a small family-owned entity with little to no cybersecurity resources, even the “dumbest” AI-written malware can mean the end of the business.

Some sectors are also particularly vulnerable. RansomLooker data reveal that manufacturing was hit the hardest last year, accounting for 28 per cent of all ransomware attacks where the victim’s industry is known. I’d assume many cases go underreported because manufacturers are avoiding downtime costs at all times and are more likely to pay the ransoms.

It also doesn’t help our case that we are rushing to implement AI solutions, failing to weigh potential benefits against risks, or stalling AI usage in the office, leading to employees using it in secret and hence opening another backdoor for threat actors.

ESET researchers discovered evidence that AI can craft malware from beginning to end. But that isn’t the greatest threat yet. What crooks find AI most useful for is social engineering, using it to craft convincing phishing lures and threatening ransom notes.

AI has definitely become instrumental in cyberattacks and has contributed to the rise in ransomware. But what’s about to come may be much worse.

WHAT TO EXPECT IN 2026?

AI or no AI, sophisticated threat actors like the ones behind Qilin and Cl0p will continue to sow terror among businesses. However, armed with AI, average crooks are about to become a big headache too.

Cheaply generated malware will become more accessible, AI tools will help them craft convincing phishing campaigns, and they will be able to analyze extorted files to learn what can hurt the victim the most.

Despite the fact that ransomware and AI’s roles were under the media spotlight worldwide in 2025, we still don’t see any exponential growth in ransomware cases. RansomLooker data points to a steady increase in ransomware incidents.

In 2026, we expect to see a rapid acceleration in ransomware cases and other AI-assisted scams for various reasons, not only because AI makes it easier to become a criminal and requires less or no technical knowledge – just motivation.

With the agentic AI explosion, shadow AI usage in organizations, rushed AI tool implementation, and layoffs within the cybersecurity field, businesses will become much more exposed and vulnerable, essentially leaving their front door open for every crook who’s not too lazy to come in.

- Jurgita Lapienytė is the Editor-in-Chief at Cybernews, where she leads a team of journalists and security experts dedicated to uncovering cyber threats through research, testing, and data-driven reporting. Email feedback to columns@gleanerjm.com