Ransomware groups like Black Basta and FunkSec are increasingly using AI to enhance their extortion tactics, resulting in significant financial losses, such as $724 million stolen using TrickBot malware. The report highlights the growing prevalence of extortion methods, including DDoS attacks, and offers insights into regional trends and mitigation strategies.

Researchers from ESET have identified PromptLock, the first known AI-powered ransomware, which is currently a non-functional proof-of-concept. This prototype utilizes OpenAI's gpt-oss-20b model to generate malicious Lua scripts and operates within a controlled environment, highlighting the potential dangers of AI in cybercrime despite no active infections being reported.

NYU researchers developed a proof-of-concept AI-powered ransomware, dubbed Ransomware 3.0, which utilizes large language models to create customized attacks targeting specific files on victim systems. The project unexpectedly gained attention when security analysts mistakenly identified it as a real threat, prompting discussions about the implications of AI in ransomware development. While the malware is not functional outside a lab setting, researchers warn that the techniques could inspire actual cybercriminals to create similar threats.

Ransomware is evolving with the integration of GenAI and LLMs, leading to more sophisticated attacks such as AI-driven phishing and quadruple extortion. Experts discuss how groups like CL0P and FunkSec utilize AI to enhance their operations and pressure victims, while emphasizing the need for defenders to implement AI-aware security measures across various platforms. Strategies for securing identities and leveraging API visibility against emerging threats are also highlighted.