The AI-powered future of ransomware is coming soon - here's what we need to look out for


  • Kaspersky recently analyzed FunkSec, a new ransomware group
  • This group uses AI to generate code in the encryptors and other tools
  • Ransomware is steadily growing as a threat

The future of ransomware threats lies in Generative Artificial Intelligence (GenAI), as hackers are increasingly using the nascent technology to improve and streamline their coding processes, experts have warned.

The latest State of Ransomware report from Kaspersky’s Global Research and Analysis Team (GReAT) analyzed FunkSec, a relatively new ransomware group, first spotted in late 2024.

Despite its junior status, FunkSec has already made a name for itself, “quickly surpassing many established actors by targeting government, technology, finance and education sectors across Europe and Asia,” Kaspersky said.

Lowering the barrier for entry

Analyzing the code in its products, the researchers determined that the group is actively using GenAI.

Telltale signs include generic placeholder comments (for example “placeholder for actual check”) and technical inconsistencies (commands for different operating systems that don’t align), they said.

Furthermore, they observed declared but unused functions, such as modules included upfront but never utilized, a habit that large language models apparently have.
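As an added illustration (not Kaspersky's tooling or method, and not code from the report), the sketch below checks a script for the three traits just described: placeholder comments, imports or functions that are never used, and commands for different operating systems in the same file. It assumes the sample under review is Python source; the phrase list beyond “placeholder for”, the command lists and the sample script are constructed for the example.

```python
import ast, io, re, tokenize

# "placeholder for" is the phrase quoted in the article; the others are assumed.
STUB_RE = re.compile(r"placeholder for|add (your )?logic here|actual implementation", re.I)
# Small assumed command lists, for illustration only.
WINDOWS_CMDS = {"ipconfig", "tasklist", "taskkill", "wevtutil"}
UNIX_CMDS = {"systemctl", "ifconfig", "chmod", "crontab"}

def triage(source: str) -> dict:
    """Return the three indicators for one Python source string."""
    imported, defined, used, words = set(), set(), set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            imported |= {(a.asname or a.name).split(".")[0] for a in node.names}
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            defined.add(node.name)
        elif isinstance(node, ast.Name):
            used.add(node.id)
        elif isinstance(node, ast.Attribute):
            used.add(node.attr)  # counts obj.method() as a use of "method"
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            words |= set(re.findall(r"[a-z_]+", node.value.lower()))
    # Comments are not part of the AST, so read them from the token stream.
    tokens = tokenize.generate_tokens(io.StringIO(source).readline)
    stubs = [t.start[0] for t in tokens
             if t.type == tokenize.COMMENT and STUB_RE.search(t.string)]
    win, nix = sorted(words & WINDOWS_CMDS), sorted(words & UNIX_CMDS)
    return {
        "placeholder_comment_lines": stubs,
        "unused_imports": sorted(imported - used),
        "unused_functions": sorted(defined - used),
        "windows_commands": win,
        "unix_commands": nix,
        "mixed_os_commands": bool(win and nix),
    }

# Constructed sample written for this example; not taken from any real tool.
SAMPLE = '''\
import os
import socket
import base64

def check_environment():
    # Placeholder for actual check
    return False

def collect_info():
    os.system("ipconfig /all")
    os.system("systemctl status cron")

collect_info()
'''

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Each of these traits also turns up in ordinary human-written code, so a hit is a prompt for closer review rather than proof of how the code was produced.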

“More and more, we see cybercriminals leveraging AI to develop malicious tools. Generative AI lowers barriers and accelerates malware creation, enabling cybercriminals to adapt their tactics faster. By reducing the entry threshold, AI allows even less experienced attackers to quickly develop sophisticated malware at scale,” said Marc Rivero, Lead Security Researcher at Kaspersky’s GReAT.


AI-powered attacks will probably require AI-powered defenses, as well. Today, many of the best antivirus and endpoint protection services use AI and machine learning, mostly to detect threats that traditional signature-based methods would miss.

Companies like CrowdStrike, SentinelOne, Sophos, Microsoft Defender for Endpoint, Palo Alto Networks, and many others, are vocal about their AI/ML capabilities, often emphasizing speed, accuracy, and lower false positives compared to legacy solutions.

In its report, Kaspersky recommended that users enable ransomware protection for all endpoints, keep everything updated, and focus defense strategies on detecting lateral movement and data exfiltration, among other things.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
