TLDR: Ransomware attacks have escalated by a staggering 70% in the first half of 2025, largely driven by cybercriminals leveraging artificial intelligence to create more sophisticated and evasive malware. A prime example is ‘PromptLock,’ identified as the first fully AI-driven ransomware, which uses local AI models to dynamically generate malicious code, intensifying the global cybersecurity arms race.
The digital landscape is witnessing an unprecedented surge in ransomware attacks, with reported incidents jumping by a remarkable 70% in the first half of 2025 compared to previous years. This alarming increase is primarily attributed to the sophisticated integration of artificial intelligence (AI) by cybercriminals, marking a critical turning point in the ongoing battle for cybersecurity.
According to the Acronis Cyberthreats Report H1 2025, AI is not merely an accessory but a core engine for these evolving threats. Cybercriminals are harnessing generative AI tools to craft more evasive strains of malware and execute highly personalized phishing campaigns.
A groundbreaking development in this arena is the discovery of ‘PromptLock,’ identified by cybersecurity firm ESET as potentially the first fully AI-driven ransomware. Discovered on August 27, 2025, PromptLock utilizes a local instance of OpenAI’s gpt-oss-20b model, running via the Ollama framework, to dynamically generate and execute Lua scripts for encryption and other destructive tasks. This on-device AI approach minimizes external communications, making it exceptionally difficult for traditional antivirus software to detect and track due to its variable code output.
Gerald Beuchelt, CISO at Acronis, highlighted the democratization of advanced threats, stating, ‘Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks and automating their activities with minimal effort.’ This accessibility is expanding the pool of potential attackers and lowering the barrier to entry for high-impact cybercrime.
The impact of these AI-enhanced attacks is widespread. Manufacturing, retail, and telecommunications sectors have been among the most targeted industries. Manufacturing alone accounted for 15% of all ransomware cases in Q1 2025, followed by retail and food services (12%) and telecom/media companies (10%).
Managed Service Providers (MSPs) are also under significant fire, with phishing now accounting for 52% of all MSP breaches, a substantial increase from 30% in 2024. This shift underscores the effectiveness of AI-generated lures in exploiting human behavior. Furthermore, phishing attacks leveraging AI-generated deepfakes and automated exploits have seen a rise in collaboration platforms like Microsoft Teams.
Beyond ransomware, AI’s integration is amplifying related tactics, including business email compromise (BEC) schemes, which rose to 25.6% of all attacks. The Akamai Technologies’ 2025 report, released on August 26, 2025, also noted a 37% surge in ransomware incidents in 2024, with extortions reaching $724 million via campaigns linked to botnets like TrickBot.
Also Read:
- AI Summarization Tools Exploited as New Malware Delivery Vector
- 7AI Unveils Agentic Security Platform, Empowering Defenders with Swarming AI to Automate Non-Human Cybersecurity Tasks
This escalating threat landscape has ignited a cybersecurity arms race, compelling organizations to rapidly adapt their defenses. Experts emphasize the urgent need for comprehensive cyber protection strategies, including zero-trust architectures and behavioral analytics, to counter these increasingly sophisticated and AI-augmented adversaries.
