LLMs aren’t launching ransomware, but they are optimizing it

A nightmare scenario of fully autonomous ransomware powered by AI remains largely theoretical, according to new research.
While large language models (LLMs) are increasingly embedded in criminal workflows, new research suggests that, rather than ushering in a new era of automated cyberattacks, they’re mostly being used to augment and accelerate existing operations.
SentinelLabs researchers found no evidence that LLMs are launching end-to-end ransomware campaigns without human operators.
Instead, they’re being used to speed up reconnaissance, improve targeting, and lower the skill barrier for entry – without replacing human operators.
This runs counter to a growing security industry narrative around AI-driven ransomware, which has focused on imminent self-directing malware.
Sentinel’s findings suggest that, for now at least, those fears are being overstated.
Last month, the research community even called out an MIT paper for exaggerating AI’s role in ransomware attacks.
Automation of decision-making
From Sentinel’s report, it appears that the most concerning development is not automation of exploitation, but the automation of decision-making.
LLMs are increasingly used to triage stolen data, identify extortion opportunities, and tailor communications to victims with new levels of speed and linguistic precision.
Just as marketing teams utilize LLMs to refine large datasets, threat actors are leveraging them to sift through breached files and identify valuable information.
This capability is amplified across languages. A Russian-speaking operator might overlook files labelled “Fatura” or “Rechnung” [the Turkish and German words for ‘Invoice’, respectively], whereas an LLM will not.
Researchers found models could be prompted to “find all documents related to financial debt or trade secrets” across Arabic, Hindi, Spanish, or Japanese – significantly outperforming other tools.
That same linguistic flexibility is showing up in extortion, the researchers found.
Threat actors are localizing phishing emails and negotiating with victims in their native language. They are also generating ransom notes that mirror corporate tone and terminology.
“What we observe is a pattern of LLMs accelerating execution, enabling automation through prompts and vibe-coding, streamlining repetitive tasks, and translating spoken language on the fly.”
— SentinelLabs
Criminals are also learning how to work around model safeguards. Rather than asking for obviously malicious outputs, they fragment tasks into benign-looking prompts across multiple sessions or even multiple models, then stitch the results together offline.
Open source models, run locally through tools such as Ollama, are popular because they offer “more control, minimized provider telemetry, and have fewer guardrails than commoditized LLMs”.
Sentinel found little evidence of LLMs reliably producing viable exploits, however.
React2Shell exploits: threat or slop?
Researchers said that credible reports of LLM-generated zero-days remain “scarce and difficult to verify”.
The December 2025 React2Shell scare is cited as a cautionary tale: a proof-of-concept exploit circulated rapidly, only to be debunked by researchers as non-functional and likely LLM-generated.
The result was noise, not weaponization – but a pattern security defenders should expect more of.
Where automation has appeared, it is still constrained. SentinelLabs points to an Anthropic disclosure describing a threat actor using Claude Code to automate parts of an extortion campaign, including data selection and ransom calculation.
While impressive, the researchers stress this was not a push-button attack – human oversight remained central.
Further proof-of-concept tools, such as MalTerminal and PromptLock, show how LLMs could be stitched into ransomware tooling, particularly when run locally.
“Once optimised, local and self-hosted models will be the default for higher-end crews,” the report predicted, but these tools remain immature.
The demise of the mega cartel
It’s not only the technology that is evolving: the structure of ransomware ecosystems is also shifting. The era of the big dog ransomware gangs, such as LockBit and Conti, has faded under sustained law enforcement pressure.
In their place are smaller, shorter-lived crews such as Termite, The Gentlemen, and Obscura.
LLMs are helping these lower-skill actors operate more efficiently, the report says, but not more inventively: AI makes ransomware faster, cheaper, and more scalable.
However, it is not yet autonomous. For now, at least.