Ransomware uses AI to enhance negotiations
It is commonly believed that ransomware operators are simply using artificial intelligence (AI) to hack more companies. However, some operators are using AI to create leverage, allowing them to negotiate with victims to extract more funds.
A prime example is FulcrumSec, a data extortion group that began operating around September 2025 and uses simple techniques to infiltrate organizations. They typically gain access through hard-coded or exposed credentials, unpatched applications, or misconfigured storage.
The group claims to have used these techniques to infiltrate 25 organizations and steal multiple terabytes of data.
Although AI is not required for hacking, it is used to analyze stolen data so that it can put further pressure on victims.
A GuidePoint Security report published last week details how FulcrumSec is using AI to analyze stolen data and establish a strong negotiating position.
In June of this year, FulcrumSec reached out to DataBreaches.[dot]The Net reports on a breach of Danish pharmaceutical company Novo Nordisk, the maker of Wigovy and semaglutide. It claims to have stolen 1.3 terabytes of data, including 700,717 files.
FulcrumSec said it has acquired valuable intellectual property (IP), including five undisclosed drug programs, drug and RNA delivery programs in development, and private AI models for certain medical and drug discovery purposes.
The group told DataBreaches: The company said it uses a team of AI agents to analyze these private models and believes the stolen data could save competitors three to five years of program development. The initial ransom demand for Novo Nordisk was $25 million.
Information about the IP stolen by FulcrumSec was combined with a description of Novo Nordisk’s security posture, which the group claimed was “absolutely devastating” and “mind-boggling.”
To us, this sounds like FulcrumSec trying to frame the case in a way that would make class action lawyers drool. This isn’t the first time a data breach has led to a lawsuit, so perhaps this is part of FulcrumSec’s extortion efforts.
FulcrumSec’s modus operandi includes using AI to generate detailed reports, properly formatted and complete with logos, to threat researchers and journalists in order to further pressure victims.
For example, after breaching technology company Avnet last October, the group filed a breach report on the vx-underground X account. According to vx-underground, the group provided “an autobiography, a breakdown of the data they have, a motive for the breach, information about the logo design (and why the logo was chosen), a complete list of files from the breach, and a breakdown of the files (what’s what, what’s what, what’s what).” [and] Image of the file. ”
vx-underground said the group “did all the research and writing for me.” To add insult to injury, FulcrumSec claimed to have used OpenAI keys stolen from victims to pay for ChatGPT to summarize their own data.
FulcrumSec is not the only ransomware operation that GuidePoint Security highlights as using large-scale language models (LLMs) to increase pressure in negotiations. The security firm believes the DragonForce ransomware group has been active in various forms since 2023 and is using LLM to “create plausible intelligence.” [psychological] pressure. ”
During negotiations, the group claims to have a legal advisor on staff, and Guidepoint Security claims that DragonForce is “attempting to put pressure on victims by implying that it has insight into victim reporting requirements and legal exposure resulting from data breaches.”
DragonForce and FulcrumSec both have a verifiable track record of stealing data, engaging in extortion negotiations, and sometimes actually receiving compensation.
Contrast with previous AI hacks for extortion
This is in sharp contrast to previous reports of AI-based extortion hacks. These reports describe ransomware incidents that are disconnected from the monetization mechanism.
In April, we wrote about a hacker who broke into nine Mexican government agencies. He did this within a few weeks with the help of various LLMs. Another person in Ethiopia hacked at least 14 companies in a partially automated attack.
In either case, hacking While highly successful in their own right, both hackers struggled when it came to turning that access into cash.
Similarly, security firm Sysdig reported earlier this month on what it called JADEPUFFER: “Agent-based ransomware: a complete extortion operation driven end-to-end by LLM.” The malware was very good at all its hacking activities, but the aspect of extorting money from victims felt a little half-hearted.
For example, consider its encryption method. The victim’s files were locked, but the encryption key was not stored or transmitted. Therefore, encrypted files can never be recovered. The ransom note also requested payment to an example address listed in Bitcoin documentation. Finally, the email address listed in the ransom note does not appear in threat intelligence databases or victim forums, suggesting it has never been used before.
Long-established carrier seizes AI opportunity
Of course, there are also established ransomware operators that utilize AI-powered hacking.
Last month’s so-called FortiBleed campaign was an AI-powered hacking campaign linked to the INC and Lynx ransomware groups. In that case, credential harvesting is being used to feed data extortion campaigns.
This is the subject of a Risky Business features interview with technology editor James Wilson published here today.
Two trends in the ransomware industry come into play here.
Data extortion is becoming a preferred business model because it is easier and quieter to perform than encrypting ransomware. As organizations improve their backup strategies, encryption only increases cost and complexity without increasing the likelihood that victims will pay.
At the same time, data extortion payout rates are declining.
The INC/Lynx strategy here is to use AI to hack. more often To make up for lost paydays. FulcrumSec takes the opposite approach, seeking to maximize profits by increasing its leverage in negotiations.
Our take-home message here is that geeky, tech-focused ransomware attackers are using AI to hack, but ransomware attackers are sophisticated. They use it in negotiations.
Bugpocalypse is officially here
The mass cleanup of AI is exposing decades of insecure coding practices, while the resulting frenzy of vendor patches is creating headaches for organizations trying to respond.
This month’s Microsoft Patch Tuesday addressed 570 vulnerabilities, in addition to another 50-odd vulnerabilities patched by Microsoft in early July. This is an increase from 200 cases last month. Approximately 10% of recent bugs are rated as critical.
Additionally, Google has patched 428 vulnerabilities outside of Microsoft Chromium, which will be ported to the Edge browser.
Microsoft and Google aren’t the only ones patching like crazy. Adobe is doubling releases and moving to a twice-monthly patch cycle. So far this month, the vendor has patched 88 vulnerabilities.
The optimists among us can simply think of this as good news. AI is wiping out decades of technical debt accumulated through insecure coding practices. And large platforms simply find There are many bugs, but many patches have also been released. That’s supposed to be positive, right?
Unfortunately, we here at Risky Business aren’t known for our optimistic worldview. It would be very helpful if a patch is available and applied. Unfortunately, the reality is that many organizations have not and will not apply these.
Unpatched vulnerabilities remain a significant entry point into organizations, a fact highlighted in this year’s Verizon Data Breach Investigations Report.
Malicious actors may also analyze patches to understand flaws and find ways to compromise unpatched instances. And while AI can help find and patch software flaws, bad actors can also use it to reverse engineer patches and generate exploits.
Indeed, the end result of all this patching may be better protection for cloud services and the few systems that have system administrators patching like crazy.
But for the majority of people, patching is slow or not even patched at all? Their systems end up looking like this. few Safe.
While we are somewhat optimistic that big tech companies are using AI tools to write more secure code, we expect coding agents to be doing YOLO. vast Most new code today is written without any concern for safety.
So while bugs are being fixed like an avalanche, this frenzy of patches doesn’t eliminate vulnerabilities. Those who do not commit to a proper patching process are further exposed to threats.
Risky Biz Talk
among us Latest “Between Two Nerds” DiscussionTom Ulen, Gurkuk We use data published in a new paper written by two members of Ukraine’s Cybersecurity Agency to discuss how important exploits are to cyber operations.
3 reasons to stay healthy this week:
- Global fraud bust: Interpol announced that Operation First Light, an anti-fraud operation involving 97 countries, resulted in the seizure of illegal assets worth $293 million and the arrest of more than 5,800 people. First Light focused on what Interpol described as “social engineering fraud and related money laundering.” This is the largest number of arrests from a single operation that we can remember.
- First joint EU-UK cyber sanctions: The EU and the UK have announced sanctions targeting the Russian state and cybercriminals. Curiously, both announcements attribute the attack on Poland’s energy grid in December 2025 to Center 16 of Russia’s Federal Security Service (FSB), but do not name any FSB personnel. Instead, the sanctions package lists criminals and officials of the GRU (Russian military intelligence agency).
- European companies can scan CSAM. The Record reports that the European Parliament has reinstated legal protections for Big Tech companies such as Google, Microsoft and Meta, allowing them to scan and report illegal child sexual abuse material (CSAM) on their services. A previous law allowing voluntary scanning has expired. Although content scanning is controversial, we are pleased to see that the status quo of allowing unencrypted material to be scanned will remain in place until 2028.
shorts
The last one is Gold Eagle. Exactly what you need for cyber security
This week, the White House announced the launch of Gold Eagle, a new “clearinghouse” for cybersecurity vulnerability disclosure and coordination.
Usually this kind of news item would be published in the Hilarious Reasons section of the newsletter, but this one is a little strange. The initiative is being carried out under the purview of the Treasury Department, with Treasury Secretary Scott Bessent being the top payer, according to a White House announcement.
Cybersecurity and Infrastructure Security Agency; actual Experience in gathering, assessing, and disseminating vulnerability information was mentioned in just one presentation.
And there’s a name. gold eagle. Woot?
