SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
AI accelerates ransomware threat as attacks surge globally

Yesterday

New research from Delinea shows that 69% of organisations worldwide were breached by ransomware in the past year, with artificial intelligence quickly reshaping the capabilities of both cyber attackers and defenders.

The 2025 State of Ransomware Report, based on input from more than 1,000 IT and security leaders globally, highlights that over a quarter of victim organisations suffered multiple ransomware incidents and that attackers are increasingly employing AI-driven strategies to strengthen their operations.

According to the report, ransomware incidents are not only increasing in number, but also in sophistication. Attackers are making extensive use of AI to automate phishing campaigns, generate deepfakes for impersonation, and escalate data extortion threats. As a result, 85% of ransomware victims were threatened with the exposure of stolen data.

One major finding is that although ransom payments have declined—with 57% of organisations paying compared to 76% the previous year—the frequency and impact of attacks are on the rise as threat actors diversify their tactics.

Art Gilliland, Chief Executive Officer at Delinea, said: "Ransomware has evolved into a shape-shifting, AI-enabled threat that no business can afford to underestimate. In order to combat the sophistication of today's attacks, organisations must fight AI with AI and embrace proactive, identity security strategies like zero trust architecture, Privileged Access Management, and continuous credential monitoring to stay ahead."

The report suggests that while 90% of surveyed organisations now deploy AI as part of their defence, particularly in Security Operations Centres (64%), analysing Indicators of Compromise (62%), and preventing phishing (51%), pressing vulnerabilities still remain in core security practices.

Despite widespread concern about ransomware—expressed by 90% of executive respondents—only 34% of organisations are enforcing least privilege access controls, which restrict user access to only the data and resources essential to their roles. Furthermore, only 57% have implemented application control measures to limit potential attack vectors within their environments.

The persistence of these gaps has real-world effects on business continuity. Most organisations hit by ransomware reported significant operational disruption, with 75% indicating that their recovery period lasted up to two weeks following an attack. These extended shutdowns can have lasting financial and reputational impacts, particularly as ransomware groups increasingly threaten public data exposure to pressure payment.

The landscape is further complicated by the continuing rise of Ransomware-as-a-Service (RaaS) platforms, the report notes. These platforms enable less technically proficient criminals to launch attacks using plug-and-play toolkits, increasing the scale and reach of ransomware incidents globally.

In light of these developments, the report underlines the necessity of comprehensive, identity-focused cyber security measures to counter threats that adapt as quickly as the defences intended to stop them.

AI continues to play a dual role. On the offensive front, cyber criminals exploit AI to scale operations more rapidly than before, making it easier to launch sophisticated attacks aimed at both large enterprises and smaller businesses. Defenders, on the other hand, are leveraging AI capabilities for early threat detection and rapid response, which, according to Delinea, are becoming fundamental in effective ransomware mitigation.

The findings also highlight the shift in attacker motivations and techniques. Rather than relying solely on receiving direct ransom payments, ransomware operators are increasingly banking on extortion, using the threat of data leaks as leverage against victims who are less willing to pay.

Art Gilliland stated: "In order to combat the sophistication of today's attacks, organisations must fight AI with AI and embrace proactive, identity security strategies like zero trust architecture, Privileged Access Management, and continuous credential monitoring to stay ahead."

The report concludes that as attackers continue to refine their strategies and incorporate advanced tools into their arsenals, organisations must prioritise resilience, early detection, and incident recovery to navigate the evolving threat landscape.
