Ransomware groups multiply as AI lowers entry barriers


Blockchain analysts have identified nine emerging ransomware groups, noting that AI-powered solutions are lowering the entry barriers for new criminals and helping established groups scale up their operations.

In its latest report, TRM Labs said that criminals are now using AI to automate coding, conduct social engineering, and generate polymorphic malware, which alters its code with each infection to evade detection.

The analysts have found nine new ransomware groups that have emerged in the past 12 months, each with growing scale, operational maturity, and demonstrated victim impact.

These include Arkana Security, Dire Wolf, Frag, and Sarcoma, which target mid-market firms across North America and Europe, AiLock, APTLock (believed to be linked to Russian state group Fancy Bear), Kairos / Kairos V2, Weyhro, and, finally, Termite, which is believed to be a Babuk rebrand.

Meanwhile, AiLock markets itself as AI-driven and pressures victims by threatening regulators and competitors.

"Groups publicly embracing AI will likely lead to other threat actors doing so at scale, underscoring the need for behavior-based detection, AI-driven intelligence, and zero-trust defenses," TRM said.

What’s more, according to the analysts, some ransomware groups are now focusing more on reputational damage, regulatory pressure, and data leaks to extort victims, instead of simply encrypting their data.

Additionally, state-sponsored groups are increasingly collaborating with financially motivated actors to pool resources and maximize their campaigns, which now favor speed, psychological pressure, and flexible affiliate models over advanced tooling, TRM said.

They’ve also found that while ransomware operators still prefer bitcoin (BTC) for payments, crime proceeds are being converted into ethereum (ETH), tron (TRX), and other so-called altcoins.

"As machine learning–enabled ransomware that better evades detection and [ransomware-as-a-service] models continue to democratize the cybercrime landscape, the ransomware ecosystem is becoming more fragmented – but no less dangerous," the analysts concluded, adding that opportunistic actors now operate alongside experienced threat groups.
