Artificial Intelligence Used in 80% of Ransomware Attacks

A new report from MIT Sloan cybersecurity research reveals that AI is leveraged in 80% of ransomware attacks.  Of the 2811 ransomware cases investigated, adversaries used AI 80.8% of the time in their attacks.  Organized threat agents like LockBit, RansomHub, Akira, ALPHV/BlackCat, and BlackBasta showed a prominent use of AI to pursue their ransomware ambitions.

We may be at the turning point.  Advanced AI tools are empowering cyber attackers to facilitate digital extortion at unprecedented scale.

The report found that AI is used to create malware, customize phishing campaigns, bypass common security controls, and produce sophisticated social engineering attacks.  Additionally, AI is leveraged to optimize attacker’s reconnaissance of targets, weaponization of attack tools, improve the ingress of attacks, control compromised systems at scale, and exfiltrating data without being detected.

While the cybersecurity industry expected this evolution, the rapid adoption of AI by cybercriminals has outpaced predictions. This trend underscores how quickly malicious actors adapt and embrace new technology to achieve their objectives.

Cybersecurity must now step forward with tools, processes, and behaviors that adapt to the new risk reality.  Cybercrime, like ransomware, is just the first step.  Other types of attacks, such as data breaches and infrastructure overthrow are close behind.

Report is available for direct download from MIT: https://cams.mit.edu/wp-content/uploads/Safe-CAMS-MIT-Article-Final-4-7-2025-Working-Paper.pdf