Ransomware powered by artificial intelligence: How urgent is the issue?

Ransomware attacks continue to be one of the biggest modern cyber threats, affecting organisations and individuals on a global scale. Now, with the rise of AI technologies, cybercriminals are even better armed to enhance their tactics and create more sophisticated attacks. The UK National Cyber Security Centre assessed this phenomenon earlier this year and concluded that AI will almost certainly soon increase the number and impact of cyber attacks - including ransomware.

Marc Rivero, Lead Security Researcher at Kaspersky GReAT (Global Research and Analysis Team), highlights the importance of the threat and what security teams need to do to stay ahead of developments:

With the impact of ransomware attacks on public and private organizations escalating to the point of threatening national security, it is no surprise that it is a pressing issue for national cybersecurity regulators. Plus, the increasing proliferation of large language models (LLMs) creates additional strength to the threat, as it enables threat actors to exploit the technology to increase their operations and launch more targeted attacks.

One way in which AI-based attacks can be exacerbated is through neural networks, which are increasingly being used to create visual material for scams. With the ability to effortlessly create lifelike images and videos, perpetrators can easily create lifelike fake mail files or malicious websites to unleash ransomware on victims' computers.

Also, at the consumer level, security professionals have a larger attack surface to defend. With LLMs that follow instructions being incorporated into consumer-facing products, this means that these AI technologies are being integrated into everyday tools and services used by the general public. This integration brings new and more complex potential security vulnerabilities as the probabilistic nature of AI interacts with more predictable traditional rules-based technologies.

Even taking these elements into account, we remain sceptical that the threat landscape will change significantly in the near future. While cybercriminals are adopting new technologies, such as productive artificial intelligence, it is unlikely that the attack landscape will change. In many cases, the technology is not yet advanced enough or easy to use; in others, automated cyberattacks mean automated red-teaming, and more efficient malware creation means the same efficiency gains for defenders, so the risks can easily be offset by new perspectives.

In general, to mitigate the risk of ransomware attacks, rigorous cybersecurity measures such as deploying robust security solutions, disabling services that are not being used and conducting systematic intrusion and vulnerability testing should be prioritised.