
Ransomware Groups Use AI to Level Up 

Threat actors are “targeting businesses eager to adopt AI but unaware of the risks,” one expert said.



A new wave of AI-powered threats is on the loose. 

A recent Cisco Talos report found that ransomware gangs are leveraging AI hype, luring enterprises with fake AI business-to-business software while pressuring victims with psychological manipulation.

Ransomware groups like CyberLock, Lucky_Gh0$t, and a newly discovered malware dubbed “Numero” are all impersonating legitimate AI software, such as Novaleads, the multinational lead monetization platform. Kiran Chinnagangannagari, co-founder and chief product and technology officer at global cybersecurity firm Securin, told CIO Upside that this new tactic is not niche.

“It is part of a growing trend where cybercriminals often use malicious social media ads or SEO poisoning to push these fake tools, targeting businesses eager to adopt AI but unaware of the risks,” Chinnagangannagari said. 

Mandiant, the cybersecurity arm of Google, recently reported a similar campaign running malicious ads on Facebook and LinkedIn, redirecting users to fake AI video-generator tools imitating Luma AI, Canva Dream Lab and Kling AI. 

AI Gaslighting

Ransomware gangs are also using psychological manipulation to increase the success rate of their attacks. For example, CyberLock is leaving victims notes asking them to pay $50,000, an unusually low ransom demand considering the industry’s average. The notes say that the ransom payment will be used for “humanitarian aid” in various regions, including Palestine, Ukraine, Africa and Asia. 

  • The $50,000 demand pressures smaller businesses into paying quickly while avoiding the scrutiny that comes with multi-million dollar ransoms, Chinnagangannagari said. 
  • Organizations should never pay the ransom, as payment offers no guarantee of results, Chinnagangannagari said. “Companies should focus on robust backups and incident response plans to recover without negotiating,” he added.
  • Security leaders also need to prepare their teams for psychological manipulation, not just technical defenses, said Mike Logan, CEO of C2 Data Technology. “These ransomware attacks are not just technical threats but psychological weapons.” 

In certain industries, these smaller-scale ransomware attacks can have more serious impacts. “There are edge cases, healthcare for example, where human lives are at stake,” Logan said. However, even in those cases, the goal should be to have preventive controls in place so that paying never becomes the only option, he said.

Companies should report the incident, work with authorities, and treat the breach as a catalyst to modernize their security posture, he said. 

The new wave of AI business-targeting ransomware demands a paradigm shift in defense strategies. AI tools are now considered by cybersecurity experts as high-risk assets, Chinnagangannagari said. Training staff on how to spot fake, malicious and suspicious online activity, especially when downloading unverified AI apps, is essential.
