AI-Driven Ransomware Attacks Hit Nearly 8,000 Victims Globally in 2025

Trust note: This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.
AI tools may assist HackWatch with initial monitoring and source clustering. The public article is reviewed, fact-checked and edited by a real HackWatch reviewer before publication or material updates. Last human review: May 01, 2026.
Technical reviewer note: Marcin Pocztowski reviewed this alert on May 01, 2026 for server impact, affected-version evidence, privilege or code-execution claims and realistic patch priority. His remediation note follows the same discipline he would use around Juniper routers and production servers: verify scope, preserve useful logs, reduce exposed management access and only then apply the fix or compensating control supported by the 4 corroborating sources.
Resolved or patched. Source coverage indicates that a fix or formal remediation has been published. Verify that updates are applied in your environment.
AI-driven ransomware attacks surged to 7,831 cases worldwide in 2025, fueled by automated tools like WormGPT and FraudGPT. This trend marks a shift to faster, more scalable cybercrime, raising urgent challenges for organizations and law enforcement.
GLOBAL, May 1, 2026, 07:48 UTC
- AI-powered ransomware incidents reached 7,831 globally in 2025.
- Cybercriminals exploited automated platforms such as WormGPT, FraudGPT, and BruteForceAI.
- The rise represents a move toward industrial-scale ransomware campaigns.
Ransomware attacks leveraging artificial intelligence surged sharply last year, affecting 7,831 victims worldwide, according to a report by GBHackers Security. The data highlights a significant escalation in the frequency and automation of ransomware operations.
The increase stems from widespread access to AI-enabled cybercrime tools like WormGPT, FraudGPT, and BruteForceAI. These platforms automate key attack stages, including password cracking, phishing message generation, and malware deployment, allowing threat actors to scale operations rapidly.
Security experts warn this automation transforms ransomware from a targeted, manual effort into a broad, industrialized threat. The reduced time between initial breach and data encryption compresses detection windows, complicating incident response.
Critical sectors such as healthcare, finance, and infrastructure have reported a rise in ransomware incidents. The rapid uptick has placed additional strain on cybersecurity teams and incident responders worldwide.
The availability of AI-powered tools lowers the skill threshold for attackers, expanding the pool of potential threat actors. This democratization of cybercrime capabilities suggests ransomware activity may continue to grow.
Ransomware groups still demand cryptocurrency payments, but the speed and scale of these AI-enhanced attacks hinder efforts to trace and disrupt criminal networks. Law enforcement agencies face mounting challenges adapting to these evolving tactics.
Victims are urged to strengthen cybersecurity measures immediately by applying multi-factor authentication, updating software regularly, and maintaining offline backups of critical data.
The report calls for coordinated efforts among private cybersecurity teams, governments, and international partners to address the escalating AI-driven ransomware threat.
Looking forward, experts expect ransomware attacks to grow more sophisticated as AI advances. Organizations should prioritize proactive threat hunting and invest in AI-based defenses to keep pace.
Recommended actions include ensuring systems are patched, enabling multi-factor authentication, conducting phishing awareness training, securing offline backups, and monitoring networks for unusual activity.
Users should employ strong, unique passwords managed by reputable tools, avoid unsolicited links, keep antivirus software current, and limit user privileges to reduce exposure.
As of mid-2026, ransomware campaigns continue evolving, with new variants using generative AI to craft convincing phishing lures and evade detection. Cybersecurity firms report increased investment in AI-driven defense technologies. Vigilance and adaptive strategies remain essential.
This analysis draws on GBHackers Security's May 2026 report on AI-powered ransomware trends. More details are available at https://gbhackers.com/ai-powered-ransomware/
Sources used for this article
securityboulevard.com, securitybrief.co.nz, gbhackers.com
- https://securityboulevard.com/2026/04/ransomware-victims-up-389-tte-less-than-two-days-how-can-defenders-stay-ahead/
- https://securityboulevard.com/2026/04/ransomware-victims-up-389-tte-in-less-than-two-days-how-can-defenders-stay-ahead/
- https://securitybrief.co.nz/story/fortinet-warns-ransomware-victims-rise-389-amid-ai
- https://gbhackers.com/ai-powered-ransomware/
