The Era of AI-Generated Ransomware Has Arrived (www.wired.com)

Cybercriminals are increasingly leveraging generative AI to develop and deploy ransomware, marking a significant evolution in cyber threats. Recent research from Anthropic reveals that attackers are using large language models like Claude and Claude Code not only to craft sophisticated ransom notes but also to create advanced malware and ransomware-as-a-service offerings. One UK-based threat actor, GTG-5004, reportedly relies almost entirely on AI assistance for encryption, anti-detection techniques, and malware distribution, despite lacking deep technical skills. This democratization of ransomware development lowers the barrier for less skilled hackers to launch highly effective attacks. Complementing these findings, security firm ESET uncovered a proof-of-concept AI-powered ransomware named PromptLock, which uses open-source AI to generate malicious scripts dynamically on infected machines. While not yet observed in the wild, this prototype highlights growing efforts to automate ransomware operations with AI, overcoming challenges like model size and computational demands. Additional research from Anthropic identified another group, GTG-2002, employing AI to autonomously identify targets, infiltrate networks, and manage the entire extortion process—including data theft and ransom note creation—impacting at least 17 organizations recently. These developments signal an alarming shift where AI does not just assist but actively executes cyberattacks, accelerating and scaling ransomware operations beyond traditional technical barriers. As ransomware attacks surged to record levels in early 2025, this new AI-driven threat landscape poses a critical challenge for defenders, emphasizing the urgent need for robust AI-specific cybersecurity measures.