Bracing for AI-enabled ransomware and cyber extortion attacks

As businesses scramble to take the lead in operationalizing AI-enabled interfaces, ransomware actors will use it to scale their operations, widen their profit margins, and increase their likelihood of pulling off successful attacks. As a result, an already sophisticated business model of encryption-less extortion will further benefit from AI advancements, exacerbating the threat to both public and private organizations. We are facing a future where the same technologies we’ve recently come to use to direct help desk inquiries or help reserve a table at a restaurant may be used by ransomware groups to improve their social engineering tactics and technical skills.

In a dark parody of legitimate organizations, in the coming years ransomware groups may use chatbots and other AI-enabled tools to:

• Use AI voice cloning for voice-based phishing (a.k.a., vishing) attacks to impersonate employees to gain privileged access
• Tailor email-based phishing attacks with native language accuracy in multiple languages
• Discover and identify zero-day vulnerabilities that can be leveraged for initial access
• Reduce the time required to develop malicious code and lower the bar for entry When AI-enabled capabilities are coupled with potent malware, we should expect cybercriminals to double down on ransomware as a means of generating revenue rather than abandoning it in favor of something new.

**HelpNet Security** 10/24/2023