AI Ransomware Attacks Surge as Groups Leverage Automation to Target Victims – Is Your Crypto Secure?

Artificial intelligence (AI) has lowered the barrier to entry for cybercriminals, enabling ransomware groups to automate coding, generate polymorphic malware that alters its code with each infection, and create convincing social engineering lures, according to blockchain intelligence firm TRM ￰0￱ emerging groups identified in the past 12 months have leveraged AI to scale their operations rapidly, with some shifting away from encryption to rely on reputational damage, regulatory pressure, and data leaks for ￰1￱ crypto scam losses surged to $4.6 billion in 2024 , with at least 87 AI-driven scam rings dismantled in the first quarter of 2025 ￰2￱ to Ari Redbord, Global Head of Policy at TRM Labs, “ the line between financially motivated groups and state-linked actors is also becoming increasingly blurred ”, with state-sponsored actors collaborating with cybercriminals to pool ￰3￱ notably, TRM identified APTLock as linked to the Russian state-sponsored group Fancy Bear, conducting destructive attacks that encrypt and delete data while defacing ￰4￱ group launders proceeds through long peel chains with dozens of uniform-value deposits into a non-custodial exchange, FixedFloat, before converting to Monero.

AiLock, first identified in April 2025, deliberately markets itself as AI-assisted and employs polymorphic malware for defense ￰5￱ group threatens to report breaches to regulators and competitors while giving 72-hour response deadlines and five-day payment ￰6￱ launders funds through peel chain patterns, directing the majority to the Wasabi mixer and routing smaller portions through ￰7￱ victim funds deposited through Wasabi mixer. |) June 20, 2025 Crypto-stealing malware is spreading through fake AI, gaming, and Web3 startups with convincing websites, social media profiles, GitHub repositories, and team ￰8￱ identified schemes involving fake blockchain games , such as “Eternal Decay,” and startups including Pollens AI, Swox, and ￰9￱ malware targets Windows and macOS users, stealing wallet credentials using Realst and Atomic Stealer families with advanced evasion techniques, including stolen software signing ￰10￱ part of the ongoing war against the growing threat, Spanish authorities recently dismantled a crypto investment scam that defrauded over 200 victims out of more than €19 million using AI-generated celebrity videos to promote fake high-return ￰11￱ investigation has arrested six individuals, aged 34 to 57, who are facing charges of fraud, money laundering, and document falsification.