{"id":4732,"date":"2025-09-09T01:12:54","date_gmt":"2025-09-09T01:12:54","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4732"},"modified":"2025-09-09T01:12:54","modified_gmt":"2025-09-09T01:12:54","slug":"ai-powered-autonomous-ransomware-campaigns-are-coming-say-experts","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4732","title":{"rendered":"AI powered autonomous ransomware campaigns are coming, say experts"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The creation of an AI proof of concept that can autonomously build and execute a ransomware attack from scratch shouldn\u2019t alarm CISOs who are prepared, says an expert.<\/p>\n<p>The defense against such a proposed new tool, said <a href=\"https:\/\/securityandtechnology.org\/person\/taylor-grossman\/\" target=\"_blank\" rel=\"noopener\">Taylor Grossman<\/a>, director for digital security at the Institute for Security and Technology (IST), is simple: \u201cBoring cyber hygiene practices.\u201d<\/p>\n<p>\u201cBeing aware of where things are going is certainly helpful,\u201d she said, \u201cbut there\u2019s so much to be done already and a lot of those defensive measures can also help some of this AI-enabled ransomware as well.\u201d<\/p>\n<p>She was commenting on a furor raised last week when security researchers at New York University <a href=\"https:\/\/arxiv.org\/pdf\/2508.20444v1\" target=\"_blank\" rel=\"noopener\">published an article<\/a> claiming to have created a prototype of large language model (LLM)-orchestrated ransomware.<\/p>\n<p>\u201cUnlike conventional malware,\u201d they wrote, \u201cthe prototype only requires natural language prompts embedded in the binary; malicious code is synthesized dynamically by the LLM at runtime, yielding polymorphic variants that 
adapt to the execution environment. The system performs reconnaissance, payload generation, and personalized extortion, in a closed-loop attack campaign without human involvement.\u201d<\/p>\n<p>They dubbed this next generation of malware Ransomware 3.0.<\/p>\n<p>Security provider ESET, which came across traces of their work in the VirusTotal virus scanner, <a href=\"https:\/\/www.welivesecurity.com\/en\/ransomware\/first-known-ai-powered-ransomware-uncovered-eset-research\/\" target=\"_blank\" rel=\"noopener\">quickly called it \u201cthe first known AI-powered ransomware,\u201d<\/a> before clarifying the NYU discovery is a proof of concept and not in the wild. Nevertheless, a number of IT news outlets picked up the ESET report, treating it as an in-the-wild attack.<\/p>\n<p>The NYU research should have been expected. After all, a number of security vendors predicted a while ago that threat actors will try to leverage AI in the creation of malware. For example, just over a year ago, the IST <a href=\"https:\/\/securityandtechnology.org\/virtual-library\/report\/the-implications-of-artificial-intelligence-in-cybersecurity\/\" target=\"_blank\" rel=\"noopener\">released a report on the implications<\/a> \u2013 pro and con \u2013 of AI in cybersecurity. <a href=\"https:\/\/www.csoonline.com\/article\/4009603\/north-koreas-bluenoroff-uses-ai-deepfakes-to-push-mac-malware-in-fake-zoom-calls.html\" target=\"_blank\" rel=\"noopener\">In June, CSO reported<\/a> that a North Korean-affiliated gang is using AI-generated deepfakes in real-time video calls. 
And last month, Anthropic <a href=\"https:\/\/www.csoonline.com\/article\/4047148\/anthropic-detects-the-inevitable-genai-only-attacks-no-humans-involved.html\" target=\"_blank\" rel=\"noopener\">said it has discovered genAI attacks that didn\u2019t need a human hand.<\/a><\/p>\n<p>Grossman\u2019s work at IST includes supporting the Ransomware Task Force, <a href=\"https:\/\/securityandtechnology.org\/ransomwaretaskforce\/\" target=\"_blank\" rel=\"noopener\">which has produced guidance for infosec pros on combating ransomware<\/a>. She avoided describing the NYU proof of concept as alarming. Rather, she suggested, it\u2019s expected.<\/p>\n<p>So far, it only works in a university lab setting, she pointed out, but she doesn\u2019t doubt a real tool used by a threat actor is coming. She\u2019s more interested today in the fact that such a tool will make it easier for less technically sophisticated people to enter the ransomware game.<\/p>\n<p><a href=\"https:\/\/josephsteinberg.com\/cybersecurityexpertjosephsteinberg\/\" target=\"_blank\" rel=\"noopener\">Joseph Steinberg<\/a>, a US-based cybersecurity and AI expert, also wasn\u2019t surprised by the research.<\/p>\n<p>\u201cWhile the folks at NYU produced a proof of concept,\u201d he said in an email to <em>CSO<\/em>, \u201cit is entirely possible that criminals beat them to it. I have already seen AIs that can do scans, write malware, identify which resources are most valuable, [and more]. 
It is no surprise that someone found a way to have an AI automate such functions.\u201d<\/p>\n<p>Grossman advised CISOs to continue implementing security controls under frameworks created by the <a href=\"https:\/\/www.cisecurity.org\/controls\" target=\"_blank\" rel=\"noopener\">Center for Internet Security<\/a> or the <a href=\"https:\/\/www.nist.gov\/cyberframework\" target=\"_blank\" rel=\"noopener\">US National Institute for Standards and Technology (NIST)<\/a>.<\/p>\n<p>\u201cWe\u2019re unlikely at this point to see a shift in the ransomware model\u201d from an AI-generated autonomous ransomware attack tool, she said.<\/p>\n<p>\u201cThis is a good opportunity to remind people that, while the NYU study can be frightening in a lot of facets, there is a lot [defensively] that can be done that organizations aren\u2019t prioritizing. The tools are out there and we need better awareness of what can be done.\u201d<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The creation of an AI proof of concept that can autonomously build and execute a ransomware attack from scratch shouldn\u2019t alarm CISOs who are prepared, says an expert. 
The defense against such a proposed new tool, said Taylor Grossman, director for digital security at the Institute for Security and Technology (IST), is simple: \u201cBoring cyber [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4733,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4732","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4732"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4732"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4732\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4733"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}