Only 20% of ransomware is not powered by AI, but expect that number to drop even further in 2025

News
By published

Attackers require just one point of entry, while defenders must secure everything

cyber, attack, hacked word on screen binary code display, hacker
(Image credit: Shutterstock/supimol kumying)
  • 80% of ransomware attacks are now powered by artificial intelligence tools
  • AI enables malware creation, phishing campaigns, and deepfake-driven social engineering attacks
  • LLMs help password cracking, automated code generation, and CAPTCHA bypass

AI is increasingly used to create malware, phishing campaigns, and deepfake-driven social engineering, such as fake customer service calls.

According to new research from MIT Sloan and Safe Security, examining 2,800 ransomware attacks, 80% of these attacks were powered by artificial intelligence.

Large language models can now enable password cracking, CAPTCHA bypass, and automated code generation, showing how AI tools are reshaping the threat landscape.

The asymmetric challenge of cybersecurity

Experts warn that AI allows attackers to operate at unprecedented speed and scale, creating challenges for traditional malware removal techniques.

Michael Siegel, principal research scientist at CAMS, notes “that the attacker only needs one point of entry and exploitation while the defender must stop all entry points and be resilient to all exploitations."

This imbalance is made worse as AI accelerates both attack and defense methods.

Familiar forms of cyberattack, including ransomware and phishing, are evolving into more advanced AI-powered variants.

Organizations must consider that while defenses can adapt, attackers using AI have an advantage in exploiting weak points faster than human teams can respond.

Combating AI-driven ransomware requires more than AI-powered tools alone.

Researchers recommend a proactive, multi-layered approach combining human oversight, governance frameworks, AI-driven simulations, and real-time intelligence sharing.

The first pillar involves automated security hygiene, including self-healing code, self-patching systems, zero-trust architectures, and continuous attack surface monitoring.

The second focuses on autonomous and deceptive defense systems, which use analytics, machine learning, and real-time data to anticipate and counter threats.

Techniques such as automated moving-target defense and deceptive information allow security teams to act proactively.

The third is augmented oversight and reporting, giving executives real-time insights into emerging threats to guide decisions and responses.

Building on the three defense pillars, organizations can take concrete steps to strengthen ransomware protection.

As AI becomes increasingly integrated into cyberattacks, the proportion of ransomware powered by AI is expected to rise further in 2025.

You might also like

Efosa Udinmwen
Efosa Udinmwen
Freelance Journalist

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.