Ransomware Criminals Exploit AI Tools

AI tools are increasingly being used by cybercriminals to steal sensitive data and extort organizations. Recent developments highlight how LLMs lower the barrier for ransomware and financially motivated cybercrime, offering a glimpse into future threats.

ESET malware researchers Anton Cherepanov and Peter Strýček have identified 'PromptLock,' an AI-powered ransomware. Although not fully functional yet, it could theoretically target organizations. Researchers found Windows and Linux variants uploaded to VirusTotal.

PromptLock is not as advanced as Qilin or INC, with limited file encryption capabilities and slow operation, but its emergence signals that AI-driven ransomware is no longer just a theoretical threat.

Anthropic reported that its Claude Code AI tool was used in a data extortion operation affecting 17 organizations, demanding ransoms between $75,000 and $500,000. Anthropic responded by banning accounts and enhancing safety measures.

Cisco Talos' Nick Biasini warned that malicious actors might soon use AI to orchestrate and scale criminal activities. TRM Labs' Ari Redbord noted a significant rise in GenAI-enabled scams, predicting AI agents could automate malware deployment.

Google's Michelle Cantos stated that while AI is not yet advanced enough to replace ransomware affiliates, it enhances their capabilities in information gathering and command crafting. AI integration automates negotiation processes, allowing for rapid expansion of ransomware operations.