Securin has published its 2025 Ransomware Report, revealing that generative AI is rapidly amplifying ransomware operations. The technology lowers barriers to entry, enables greater attack scale, and heightens psychological pressure on leadership, risk teams, and frontline employees, even though it does not yet fully automate attacks.
Based on analysis of 7,061 confirmed ransomware victims across 117 threat groups, the 2025 Ransomware report shows ransomware evolving into a hybrid threat that blends cybercrime with infrastructure disruption, identity deception, and information warfare techniques. Three groups—Qilin, Akira and CL0P—accounted for nearly 30% of all victims, indicating that a small number of operators drive a disproportionate share of incidents.
“Ransomware has crossed a strategic threshold,” said Dr. Srinivas Mukkamala, CEO, Securin. “What we’re seeing now is not just faster or more frequent attacks, but campaigns designed to undermine trust, across infrastructure, identity and human decision-making. AI is accelerating that shift, but it’s still human intent driving the outcomes.”
Industries Targeted for Disruption
For the first time, commercial facilities were the most targeted sector for ransomware, accounting for 14.1% of all victims, followed by manufacturing, IT service providers, healthcare, and government organizations. The report found that attackers prioritized environments where operational interruption carried immediate financial or organizational consequences.
Manufacturing and infrastructure-adjacent sectors experienced increased activity tied to production downtime, supply chain delays, and safety risks.
AI Is an Accelerator, Not an Autopilot
While some early 2025 reporting suggested ransomware had become largely AI-driven, Securin’s findings present a more measured reality. AI is now widely accessible to threat actors, but it primarily functions as a force multiplier rather than an autonomous operator.
Threat groups commonly use AI to draft phishing and extortion messages, debug scripts, translate content, and streamline repetitive tasks. Only a small number of observed campaigns relied on AI in ways that were critical to execution.
“The narrative around autonomous ransomware misses the point,” said Aviral Verma, Head of Research, Securin. “The real change is acceleration. AI reduces friction at every stage of an attack, making ransomware operations faster, more scalable, and easier to replicate—even for less skilled actors.”
Where AI Is Changing Ransomware
Securin’s findings show that AI use expanded during 2025, primarily as an efficiency tool. AI reduced effort and increased scale for bad actors, while operational decisions remained manual.
The report identifies four areas where AI is having the greatest impact:
- Malware development:Â AI-assisted coding enables less-experienced actors to deploy sophisticated ransomware, increasing attacker volume and experimentation.
- Adaptive execution:Â Emerging malware can generate attack logic at runtime, weakening signature-based detection and improving adaptability to target environments.
- Automated extortion:Â AI chatbots now manage negotiations, translation, and scripted psychological pressure, allowing groups to scale victim interactions with minimal staffing.
- Identity deception:Â Deepfake audio and voice cloning have become operational tools, enabling attackers to impersonate executives or help desk staff to bypass identity controls.
“Organizations can no longer defend against isolated attacks,” Verma added. “They need to understand how trust fails across systems and how attackers exploit those failures at scale.”
About the 2025 Ransomware Report
Securin’s 2025 Ransomware Report examines:
- The rise of hybrid threat actors
- Infrastructure-first ransomware strategies
- AI’s role in accelerating attack operations
- Deepfake-enabled social engineering and identity abuse
- Strategic implications for defenders entering 2026
Download the full 2025 Ransomware report here.
Related News:
Safer Internet Day 2026: From Awareness to Action in Internet Safety
