Artificial intelligence may not be orchestrating major cyberattacks on its own just yet. However, it’s making attacks easier to carry out and it’s putting smaller, less protected businesses at even greater risk.
What the Data Is Telling Us
Ransomware attacks are on the rise, and this can be seen with the naked eye. In 2024, RansomLooker, which relies on constant monitoring of criminals’ data leak sites, recorded 5,189 ransomware attacks. That’s a 24% rise from the year before.
It is important to highlight here that these are only the attacks that criminals brag about, because they are either trying to pressure those victims into paying the ransom or putting big names out there to boost their reputation. The real scope may be much, much bigger.
In 2025, Russia-based Qilin was the most vocal gang, with 776 victims in its basket, and Asahi, the Japanese beer maker, was one of the more prominent targets.
How Are Ransomware Gangs Using AI?
AI-generated malware is a new goodie on the shelves of the dark web — yet another ready-to-use cybercrime tool that makes ransomware attacks easier and hence more prevalent. Anthropic discovered that criminals abused its Claude model to generate malware, which they were later selling for $400–$1,200 on dark web forums. While not the most sophisticated programs, they could still perform the most important functions, like evading discovery, encrypting files and employing anti-recovery mechanisms, and they came professionally packaged.
It may take a very sophisticated attack to bring a bank to its knees, if that’s even possible given how well protected against cyberattacks they are. It’s a different story for others.
Cyberattackers are increasingly going after small and medium-sized businesses, and those tend to crumble more easily. For a small, family-owned entity with little to no cybersecurity resources, even the “dumbest” AI-written malware can mean the end of the business.
Some sectors are also particularly vulnerable. RansomLooker data reveals that manufacturing was hit the hardest last year, accounting for 28% of all ransomware attacks where the victim’s industry is known. I’d assume many cases go underreported because manufacturers are avoiding downtime costs at all times and are more likely to pay the ransoms.
It also doesn’t help our case that we are rushing to implement AI solutions, failing to weigh potential benefits against risks, or stalling AI usage in the office, leading to employees using it in secret and hence opening another backdoor for threat actors.
ESET researchers discovered evidence that AI can craft malware from beginning to end. But that isn’t the greatest threat yet. What crooks find AI most useful for is social engineering, using it to craft convincing phishing lures and threatening ransom notes.
AI has definitely become instrumental in cyberattacks and has contributed to the rise in ransomware. But what’s about to come may be much worse.
What to Expect in 2026?
AI or no AI, sophisticated threat actors like the ones behind Qilin and Cl0p will continue to sow terror among businesses. However, armed with AI, average crooks are about to become a big headache, too.
Cheaply generated malware will become more accessible, AI tools will help them craft convincing phishing campaigns, and they will be able to analyze extorted files to learn what can hurt the victim the most.
Despite the fact that ransomware and AI’s roles were under the media spotlight worldwide in 2025, we still don’t see any exponential growth in ransomware cases. RansomLooker data points to a steady increase in ransomware incidents.
In 2026, we expect to see a rapid acceleration in ransomware cases and other AI-assisted scams for various reasons, in part because AI makes it easier to become a criminal and requires less or no technical knowledge — just motivation.
With the agentic AI explosion, shadow AI usage in organizations, rushed AI tool implementation and layoffs within the cybersecurity field, businesses will become much more exposed and vulnerable, essentially leaving their front door open for every crook who’s not too lazy to come in.
Jurgita Lapienytė is the editor-in-chief at Cybernews, a globally recognized independent media outlet where journalists and security experts debunk cyber by research, testing and data.
Recognized as the Cybersecurity Journalist of the Year and featured in Top Cyber News Magazine’s 40 Under 40 in Cybersecurity, she is a thought leader shaping the conversation around cybersecurity. Lapienytė has been quoted internationally — by Metro UK, The Epoch Times, Extra Bladet, Computer Bild and more. Her team reports on proprietary research highlighted in such outlets as the BBC, Forbes, TechRadar, Daily Mail, Fox News, Yahoo and much more.
