Attackers are increasingly deploying AI tools to execute ransomware attacks at scale
Summary
- Scammers are using AI to scale their ransomware operations
- Bad actors are creating ready-made kits for ransomware attacks
- The number of verified victims rose 70% in the first half of 2025
With the increased availability of AI tools, scammers are deploying ransomware at scale. According to a report by OutreachX, automation and AI are contributing to a significant increase in attacks as scammers deploy “ransomware-as-a-service” kits.
The use of these tools has coincided with a significant increase in ransomware cases. According to an Acronis report, the number of verifiable ransomware victims rose 70% in the first half of 2025. Part of this increase could be because scammers can deploy their attacks on a greater scale.
Moreover, these attacks increasingly exploit human error through the use of AI. Attackers use LLMs such as ChatGPT to write phishing emails, extortion notes, and other content designed to pressure victims. They subsequently sell these as kits that can be used in other attacks.
“We’re watching ransomware move from code to content. It’s not just malware, it’s narratives, campaigns, and pressure scripts, sold as plug-and-play,” said Anirudh Agarwal, CEO of OutreachX.
Ransomware attacks on the rise
Crypto continues to play a central role in ransomware attacks, remaining the preferred payout method for attackers. However, despite an increase in the number of victims, the total volume of ransom payments fell fell 35% in 2024, according to a report by Chainalysis.
Improved investigative practices, asset seizures, and on-chain sanctions helped reduce ransom gains, especially in the second half of 2024. Moreover, restrictions on many Russian-based crypto platforms significantly reduced the ability of attackers to launder their funds.