Generative AI boosts ransomware participation with lowered barrier of entry and skill level required, while strategic control remains human

MILPITAS, Calif. and ALBUQUERQUE, N.M., Feb. 17, 2026 /PRNewswire/ — Securin, a leading provider of AI-based Adversarial Exposure Validation (AEV) solutions, today released its 2025 Ransomware Report, finding that generative AI is rapidly accelerating ransomware operations by lowering barriers to entry, increasing scale, and intensifying psychological pressure across leadership, risk functions and frontline staff, without fully automating attacks.

Based on analysis of 7,061 confirmed ransomware victims across 117 threat groups, the report shows ransomware evolving into a hybrid threat that blends cybercrime with infrastructure disruption, identity deception, and information warfare techniques. Three groups—Qilin, Akira and CL0P—accounted for nearly 30% of all victims, indicating that a small number of operators drive a disproportionate share of incidents.

“Ransomware has crossed a strategic threshold,” said Dr. Srinivas Mukkamala, CEO, Securin. “What we’re seeing now is not just faster or more frequent attacks, but campaigns designed to undermine trust, across infrastructure, identity and human decision-making. AI is accelerating that shift, but it’s still human intent driving the outcomes.”

Industries Targeted for Disruption
For the first time, commercial facilities were the most targeted sector for ransomware, accounting for 14.1% of all victims, followed by manufacturing, IT service providers, healthcare, and government organizations. The report found that attackers prioritized environments where operational interruption carried immediate financial or organizational consequences.

Manufacturing and infrastructure-adjacent sectors experienced increased activity tied to production downtime, supply chain delays, and safety risks.

AI Is an Accelerator, Not an Autopilot
While some early 2025 reporting suggested ransomware had become largely AI-driven, Securin’s findings present a more measured reality. AI is now widely accessible to threat actors, but it primarily functions as a force multiplier rather than an autonomous operator.

Threat groups commonly use AI to draft phishing and extortion messages, debug scripts, translate content, and streamline repetitive tasks. Only a small number of observed campaigns relied on AI in ways that were critical to execution.

“The narrative around autonomous ransomware misses the point,” said Aviral Verma, Head of Research, Securin. “The real change is acceleration. AI reduces friction at every stage of an attack, making ransomware operations faster, more scalable, and easier to replicate—even for less skilled actors.”

Where AI Is Changing Ransomware
Securin’s findings show that AI use expanded during 2025, primarily as an efficiency tool. AI reduced effort and increased scale for bad actors, while operational decisions remained manual.

The report identifies four areas where AI is having the greatest impact:

Malware development: AI-assisted coding enables less-experienced actors to deploy sophisticated ransomware, increasing attacker volume and experimentation.
Adaptive execution: Emerging malware can generate attack logic at runtime, weakening signature-based detection and improving adaptability to target environments.
Automated extortion: AI chatbots now manage negotiations, translation, and scripted psychological pressure, allowing groups to scale victim interactions with minimal staffing.
Identity deception: Deepfake audio and voice cloning have become operational tools, enabling attackers to impersonate executives or help desk staff to bypass identity controls.

“Organizations can no longer defend against isolated attacks,” Verma added. “They need to understand how trust fails across systems and how attackers exploit those failures at scale.”

About the 2025 Ransomware Report
Securin’s 2025 Ransomware Report examines:

The rise of hybrid threat actors
Infrastructure-first ransomware strategies
AI’s role in accelerating attack operations
Deepfake-enabled social engineering and identity abuse
Strategic implications for defenders entering 2026

The full report is available here.

About Securin
Securin empowers teams and organizations to minimize business risk with our comprehensive range of proactive cybersecurity solutions. These solutions are carefully crafted to be intuitive, adaptable, and scalable, catering to organizations of all sizes in today’s ever-changing digital landscape. With Securin’s human-augmented intelligence approach to cybersecurity, we proactively address emerging threats and uncertainties. Ensuring organizational security while enabling them to thrive. To learn more about how Securin can elevate your security measures, visit www.securin.io.

View original content to download multimedia:https://www.prnewswire.com/news-releases/securin-2025-ransomware-report-finds-ai-accelerating-not-replacing-human-led-attacks-302688125.html