A recent study by MIT Sloan and Safe Security shows a sharp increase in ransomware attacks using artificial intelligence (AI). Analyzing 2,800 ransomware incidents, researchers found that 80% of attacks now rely on AI, while only 20% remain non-AI-based.
Experts expect this proportion to rise further in 2025 as AI tools become more accessible to cybercriminals.
How AI is transforming ransomware attacks
AI is being used across several attack methods:
- Advanced malware creation – automating the creation of hard-to-detect ransomware.
- Targeted phishing campaigns – AI crafts convincing messages tailored to individuals or organizations.
- Deepfake-driven social engineering – realistic audio or video is used to trick employees, such as fake customer service calls.
- LLM-assisted attacks – large language models help with password cracking, bypassing CAPTCHAs, and generating malicious code.
These AI-driven methods allow attackers to exploit weaknesses faster than traditional security measures, reshaping the threat environment.
The cybersecurity challenge
Michael Siegel, principal research scientist at CAMS, explains the inherent imbalance:
“The attacker only needs one point of entry, while the defender must secure all points.”
AI worsens this imbalance by accelerating attacks, making real-time detection and defense harder for IT teams.
Proactive strategies against AI ransomware
Experts suggest a layered, AI-informed defense strategy with three main pillars:
- Automated security hygiene
- Self-healing code and self-patching systems
- Continuous monitoring and zero-trust architectures
- Automated attack surface management
- Autonomous and deceptive defense systems
- Real-time analytics and machine learning to anticipate attacks
- Moving-target defenses and decoy systems to confuse attackers
- Augmented oversight and reporting
- Executive dashboards with real-time intelligence on emerging threats
- Data-driven decision-making to guide rapid response
As cybercriminals increasingly use AI, AI-powered ransomware attacks are expected to dominate in 2025. Organizations will need strong AI-driven defenses and ongoing monitoring to counter evolving threats.
