Emerging ThreatsMalware & Ransomware

AI-Driven Cybercrime Fuels 389% Surge in Ransomware Victims

Analyst 207||Source: SecurityMag
City street scene with modern and worn infrastructure, laptop on outdoor table or bench, hint of unease.
“Cybercrime is one of the world’s most pervasive and costly threats, and our latest Global Threat Landscape Report reveals how malicious actors are beginning to leverage agentic AI to execute more sophisticated attacks,” remarks Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence, Fortinet FortiGuard Labs.

A striking rise: 389% more ransomware victims in 2025

FortiGuard Labs’ 2026 Global Threat Landscape Report — an overview of trends and threats from 2025 — reports a 389% year‑over‑year increase in ransomware victims. The research explicitly links part of that growth to the growing accessibility of crime service kits named in the study: FraudGPT, WormGPT and BruteForceAI. The report frames this jump not as a fluke but as the product of criminal capabilities that are becoming both more capable and easier to obtain.

Brute force activity: fewer attempts, vastly greater impact

On its face the report shows a decline in brute force attempts — a 22% year‑over‑year drop — but FortiGuard Labs interprets that decline as evidence of greater efficiency among attackers. Cybercriminals, the research says, are making fewer brute force attempts against better‑selected targets, thereby increasing the likelihood of successful credential testing.

Those fewer, more targeted attempts still add up to enormous volume: the report quantifies 67.65 billion brute force incidents worldwide, which the authors break down as roughly 185 million attempts each day, 1.3 billion each week and 5.6 billion each month. At the same time, global exploitation attempts rose 25.49% year‑over‑year, underlining that attackers shifted tactics rather than slowed down.

Crime service kits: FraudGPT, WormGPT and BruteForceAI as force multipliers

FortiGuard Labs singles out specific tools in explaining the ransomware surge. The report attributes part of the increase in victims to the accessibility of crime service kits such as FraudGPT, WormGPT and BruteForceAI. Those names appear as examples of how “agentic AI” is being used to automate, scale and refine malicious campaigns — turning technical sophistication into a commodity that lowers the barrier to entry for criminals.

Most targeted sectors: Manufacturing, business services and retail

The research also breaks down where attacks landed. The most targeted sectors listed are Manufacturing with 1,284 recorded incidents, Business services with 824, and Retail with 682. Those counts appear as the top sectoral targets in the dataset FortiGuard Labs analyzed for activity during 2025, signaling that attackers concentrated on particular business types while using more automated and AI‑assisted methods.

What this means for cyber defenders, procurement leaders, and threat actors

  • Cyber defenders and security teams: FortiGuard Labs’ own recommendation — voiced by Derek Manky — is that defenders must “evolve cybersecurity operations into an industrialized defense and adopt AI‑enabled tools that respond at the same velocity as modern threats.” That line in the report frames the operational response as organizational: automation and AI‑assisted tooling are presented as necessary to match attacker tempo.
  • Affected enterprises and procurement leaders: The concentration of incidents in Manufacturing (1,284), Business services (824) and Retail (682) points to specific procurement and risk priorities for those sectors. The report’s attribution of growth to accessible crime kits also implies that vendors and buyers should treat the threat as accessible and persistent, not limited to highly resourced adversaries.
  • Adversaries and threat actors: The change in brute force metrics — a 22% drop in attempts but still tens of billions of incidents globally — together with a 25.49% rise in exploitation attempts, suggests threat actors are shifting from spray‑and‑pray volume to more selective, AI‑assisted targeting that yields higher successful compromise rates.

Taken together, the numbers in FortiGuard Labs’ 2026 Global Threat Landscape Report describe a system in which malicious actors leverage agentic AI and packaged crime tools to raise the efficiency and reach of attacks. The record is stark: fewer brute force attempts overall, yet far greater payoff for attackers and a near‑quadrupling of ransomware victims year‑over‑year. As the report notes, that combination redefines the tradeoffs defenders face — speed, scale and automation are no longer advantages only enjoyed by well‑resourced blue teams.

Read the original report summary at Security Magazine: https://www.securitymagazine.com/articles/102277-new-research-ai-driven-cybercrime-led-to-a-389-increase-in-ransomware-victims

Emerging ThreatsRansomwareThreat IntelligenceAI-Driven CybercrimeFortiguard LabsGlobal Threat Landscape ReportCrime Service KitsFraudgptWormgptBruteforceai
Related Intelligence

Continue Reading

Law enforcement officials stand near a podium with symbolic objects, including a laptop and papers, in a brightly-lit…

FBI dismantles $1.9B China cybercrime network

In a major breakthrough, the FBI, with the help of Google and Lumen Technologies, has dismantled a massive $1.9 billion China-based cybercrime network that impersonated trusted brands to scam hundreds of thousands of victims. This coordinated takedown, part of Operation Riptide, seized key infrastructure and domains used by the group.

Analyst 207
University campus scene with students walking near a building, laptop on a bench.

ShinyHunters Exploits Oracle Flaw to Breach Universities

A zero-day flaw in Oracle PeopleSoft PeopleTools, known as CVE-2026-35273, has been exploited by ShinyHunters, potentially infiltrating over 100 organizations, with universities being the hardest hit. This vulnerability allows attackers to execute remote code and take over affected servers, posing a significant threat to higher education institutions.

Analyst 207
Defendant sits in federal court with blurred face, hands visible, in front of judge's bench and US flag.

Conti Ransomware Member Pleads Guilty to Cybercrimes

A longtime member of the notorious Conti ransomware group has pleaded guilty to cybercrimes in federal court, marking a major win for justice after the defendant's attacks caused millions of dollars in damage to people and businesses worldwide. Oleksii Oleksiyovych Lytvynenko, a 44-year-old Ukrainian national, admitted to developing malware and participating in Conti's ransomware campaign.

Analyst 207
Federal officials stand near a large screen in a government briefing room.

Authorities Disrupt Massive Deepfake Porn Site in Global Operation

In a major global crackdown, authorities have shut down a notorious deepfake porn site that was profiting from the humiliation, exploitation, and violation of personal privacy of thousands of women, including celebrities and public figures. The site's massive collection of AI-altered images and videos has been seized, putting an end to its large-scale trafficking of digital forgeries.

Analyst 207