Thu Jul 03 2025

The future of AI-driven ransomware is looming.

More and more ransomware code is being developed using artificial intelligence.

A recent Kaspersky analysis of FunkSec, a new ransomware group, found that the group uses artificial intelligence to generate code for its encryption tools. Ransomware threats are clearly increasing, and experts caution that the future of these attacks lies in generative artificial intelligence (GenAI), as cybercriminals increasingly leverage this emerging technology to speed up their coding.

Kaspersky's Global Research and Analysis Team (GReAT) notes that FunkSec, first detected in late 2024, has already stood out by quickly surpassing other established players, targeting sectors such as government, technology, finance, and education in Europe and Asia.

In their analysis of the group's code, researchers found evidence that the group actively uses GenAI. Telling signs include generic placeholder comments and certain technical inconsistencies, such as commands that are inconsistent across operating systems. They also observed declared but unused functions, a common pattern in code produced by large language models.

Marc Rivero, principal security researcher at Kaspersky, commented that cybercriminals are increasingly harnessing artificial intelligence to develop malicious tools. Generative intelligence not only lowers entry barriers, but also accelerates the creation of malware, making it easier for less experienced attackers to develop sophisticated software on a large scale.

This surge in AI-driven attacks means that equally advanced defenses will be necessary. Currently, many of the top antivirus and endpoint protection services incorporate AI and machine learning, primarily to detect threats that traditional methods cannot identify. Companies like CrowdStrike, SentinelOne, Sophos, and Microsoft Defender are at the forefront in this area, emphasizing speed, accuracy, and a lower false positive rate compared to older solutions.

In its report, Kaspersky recommends that users enable ransomware protection on all endpoints, keep software updated, and focus defense strategies on detecting lateral movement and data exfiltration, among other recommendations.