Ransomware uses AI to enhance negotiations

Applications of AI


The weekly ‘Business with Significant Risk’ news is written by: Tom Ulen Edited by Amberley Jack. This week’s sponsor is sondera.

You can listen to this newsletter’s podcast discussions by searching for “Risky Business News” in your podcatcher or by subscribing below. This RSS feed.

photo credit chris saber above unsplash

It is commonly believed that ransomware operators are simply using AI to hack more companies. However, some carriers are leveraging AI to create leverage, allowing them to extract more money in negotiations with victims.

A prime example is FulcrumSec, a data extortion group that became active around September 2025. use simple techniques Violating the organization. They typically gain access through hard-coded or exposed credentials, unpatched applications, or misconfigured storage.

The group claims that Infiltrated 25 organizations These techniques were used to steal terabytes of data.

Although AI is not needed for hacking, it is used to analyze stolen data so that it can put further pressure on victims.

GuidePoint Security Report now available last week Learn more about how FulcrumSec uses AI to analyze stolen data and develop a stronger negotiating position. “We know what we stole and it’s here, which is why we set the ransom at this amount.”

In June of this year, FulcrumSec contacted the following companies: data breach[dot]net Regarding that compromise Danish pharmaceutical company novo nordiskmanufacturer of Wegovy and Semaglutide. It claims to have stolen 1.3TB of data containing 700,717 files.

FulcrumSec said it has acquired valuable intellectual property (IP), including five undisclosed drug programs, drug and RNA delivery programs in development, and private AI models for specific medical and drug discovery purposes.

the group said data breach The company said it uses a team of AI agents to analyze these private models and believes the stolen data could save competitors three to five years of program development. The initial ransom demand for Novo Nordisk was US$25 million.

Information about the IP stolen by FulcrumSec was combined with a description of Novo Nordisk’s security posture, which the group claimed was “absolutely devastating” and “mind-boggling.”

To us, this sounds like FulcrumSec trying to frame the case in a way that would make class action lawyers drool. It won’t be the first time A lawsuit resulted from a data breach.so perhaps this is part of FulcrumSec’s blackmail propaganda.

FulcrumSec’s modus operandi includes using AI to generate detailed reports, properly formatted and complete with logos, to threat researchers and journalists in order to further pressure victims.

For example, after breaching the technology company Avnet last October, the group granted the vx-underground X account. Reporting violations. According to vx-underground, the group provided “an autobiography, a breakdown of the data they have, a motive for the breach, information about the logo design (and why the logo was chosen), a complete list of files from the breach, and a breakdown of the files (what’s what, what’s what, what’s what).” [and] image of the file.

vx-underground said the group “did all the research and writing for me.” To add insult to injury, FulcrumSec claimed to have used OpenAI keys stolen from victims to pay for ChatGPT to summarize their own data.

FulcrumSec is not the only ransomware operation that GuidePoint Security highlights as using LLM to increase pressure in negotiations. The security firm believes the DragonForce ransomware group has been active in various forms since 2023 and is using LLM to “create plausible intelligence.” [psychological] Pressure”.

During the negotiations, the group claimed to have a legal advisor on staff, which GuidePoint Security said was “applying pressure on victims by implying that DragonForce has insight into victim reporting requirements and legal exposure resulting from data breaches.”

DragonForce and FulcrumSec both have a verifiable track record of stealing data, engaging in extortion negotiations, and in some cases actually receiving compensation.

In contrast to previous AI hacks for extortion purposes

This is in sharp contrast to previous reports of AI-based extortion hacks. These reports describe ransomware incidents that are disconnected from the monetization mechanism.

in April we wrote about One hacker broke into nine networks mexican government agency. He did this within a few weeks with the help of various LLMs. another Individuals in Ethiopia hacked at least 14 companies in partially automated attacks.

In either case, hacking While highly successful in their own right, both hackers struggled when it came to turning that access into cash.

Similarly, earlier this month, security firm Sysdig reported It’s called JADEPUFFER, and it’s “agent-based ransomware: a complete extortion operation driven end-to-end by LLM.” The malware was very good at all its hacking activities, but the aspect of extorting money from victims felt a little half-hearted.

For example, consider its encryption method. The victim’s files were locked, but the encryption key was not stored or transmitted. Therefore, encrypted files can never be recovered. The ransom note also requested payment to an example address listed in Bitcoin documentation. Finally, the email address listed in the ransom note does not appear in threat intelligence databases or victim forums, suggesting it has never been used before.

Incumbent carriers seize AI opportunity

Of course, there are also established ransomware operators that utilize AI-powered hacking.

Last month’s so-called Forty Breed Campaignis linked to INC and Lynx ransomware groups. Hacking strategy using AI. In that case, credential harvesting is being used to feed data extortion campaigns.

This is the subject of a Risky Business features interview with technology editor James Wilson, which will be published. here today.

Two trends in the ransomware industry come into play here.

Data extortion is becoming a preferred business model because it is easier and quieter to perform than encrypting ransomware. As organizations improve their backup strategies, encryption increases cost and complexity without increasing the likelihood that victims will pay.

At the same time, the payment rate for data extortion also falling.

The INC/Lynx strategy here is to use AI to hack. more often To make up for lost paydays. FulcrumSec takes the opposite approach, seeking to maximize profits by increasing its leverage in negotiations.

Our take-home message here is that geeky, tech-focused ransomware attackers are using AI to hack, but ransomware attackers are sophisticated. They use it in negotiations.

Bugpocalypse is officially here

The mass cleanup of AI is exposing decades of insecure coding practices, while the resulting frenzy of vendor patches is creating headaches for organizations trying to respond.

This month’s Microsoft Patch Tuesday 570 vulnerabilities addressedin addition to over 50 additional vulnerabilities that were patched by Microsoft in early July. This is an increase from 200 cases last month. Approximately 10% of recent bugs are rated as critical.

Additionally, Google has patched 428 vulnerabilities outside of Microsoft Chromium, which will be ported to the Edge browser.

Microsoft and Google aren’t the only ones patching like crazy. Adobe is doubling releases and moving to a twice-monthly patch cycle. So far this month, the vendor has patched 88 vulnerabilities.

The optimists among us can simply think of this as good news. AI is wiping out decades of technical debt accumulated through insecure coding practices. It’s not just a big platform find There are many bugs and many patches have been released as well. That’s supposed to be positive, right?

Unfortunately, here risky business We are known for our optimistic worldview. It would be very helpful if a patch is available and applied. Unfortunately, the reality is that many organizations have not and will not apply these.

Unpatched vulnerabilities remain a significant entry point into organizations, a fact highlighted in the following articles: This year’s Verizon data breach investigation report.

Malicious actors may also analyze patches to understand flaws and find ways to compromise unpatched instances. While AI can help find and patch software flaws, bad actors can also use it to: Reverse engineering a patch Generate an exploit.

Indeed, the end result of all this patching may be better protection for cloud services and the few systems that have system administrators patching like crazy.

But for the majority of people, patching is slow or not even patched at all? Their systems end up looking like this. few Safe.

While there is some optimism that big tech shops are using AI tools to create more secure code, coding agents vast Most new code today is written without any concern for safety.

So while bugs are being fixed like an avalanche, this frenzy of patches doesn’t eliminate vulnerabilities. Those who do not commit to a proper patching process are further exposed to threats.

Watch James Wilson and Tom Uren discuss this issue of the newsletter.

3 reasons to stay healthy this week:

  1. Global fraud bust: announced by Interpol Operation First Light, an anti-fraud operation involving 97 countries, reportedly resulted in the seizure of illicit assets worth US$293 million and the arrest of more than 5,800 people. First Light focused on what Interpol described as “social engineering fraud and related money laundering.” This is the largest number of arrests from a single operation that we can remember.
  2. First joint EU-UK cyber sanctions: EU and Britain announced Sanctions targeting the Russian state and cybercriminals. Strangely enough, despite both announcements; Attribution December 2025 attack on Polish energy grid to F.S.B. Not a single Center 16 or FSB official has been named. Instead, sanctions package List of criminals and related parties G.R.U.Russia’s military intelligence agency.
  3. European companies can scan CSAM. record report The European Parliament has reinstated legal protections that allow big tech companies such as Google, Microsoft and Meta to scan and report illegal child sexual abuse material (CSAM) on their services. A previous law allowing voluntary scanning has expired. Although content scanning is controversial, we are pleased to see that the status quo of allowing unencrypted material to be scanned will remain in place until 2028.

in this Risky Business Sponsor InterviewJames Wilson talks with Sondera CEO Josh Devon about why guardrails and instruction files aren’t enough to prevent AI agents from running amok. EDR, DLP, and other traditional controls cannot prevent agent fraud. Josh discusses Sondera’s “principle of least autonomy” for agents. Let your agents do useful work, but leverage deterministic policies to prevent them from revealing secrets, misusing tools, or wandering off-duty.

shorts

The last one is Gold Eagle. Exactly what you need for cyber security

This week, White House announced Launch of Gold Eagle, a new “clearinghouse” for cybersecurity vulnerability disclosure and reconciliation.

Usually this kind of news item would be published in the Hilarious Reasons section of the newsletter, but this one is a little strange. The initiative is being carried out under the purview of the Treasury Department, with Treasury Secretary Scott Bessent being the top payer, according to a White House announcement.

CISA, actual Experience in collecting, assessing, and distributing vulnerabilities was mentioned only once in the announcement.

And there’s a name. gold eagle. Woot?

Risky Biz Talk

For audio versions of this newsletter and other great podcasts and interviews, check out our Risky Biz News feed (RSS, iTunes or spotify).

In our previous “Between Two Nerds” discussion, Tom Uren and Gurkuk We use data published in a new paper written by two members of Ukraine’s Cybersecurity Agency to discuss how important exploits are to cyber operations.

Or watch it on YouTube.





Source link