Trade Haven Hub - Investing and Stock News

AI Ransomware Attacks Surge as Groups Leverage Automation to Target Victims – Is Your Crypto Secure?

October 7, 2025

Artificial intelligence (AI) has lowered the barrier to entry for cybercriminals, enabling ransomware groups to automate coding, generate polymorphic malware that alters its code with each infection, and create convincing social engineering lures, according to blockchain intelligence firm TRM Labs.

Nine emerging groups identified in the past 12 months have leveraged AI to scale their operations rapidly, with some shifting away from encryption to rely on reputational damage, regulatory pressure, and data leaks for extortion.

Global crypto scam losses surged to $4.6 billion in 2024, with at least 87 AI-driven scam rings dismantled in the first quarter of 2025 alone.

According to Ari Redbord, Global Head of Policy at TRM Labs, “the line between financially motivated groups and state-linked actors is also becoming increasingly blurred”, with state-sponsored actors collaborating with cybercriminals to pool resources.

Most notably, TRM identified APTLock as linked to the Russian state-sponsored group Fancy Bear, conducting destructive attacks that encrypt and delete data while defacing systems.

The group launders proceeds through long peel chains with dozens of uniform-value deposits into a non-custodial exchange, FixedFloat, before converting to Monero.

AiLock, first identified in April 2025, deliberately markets itself as AI-assisted and employs polymorphic malware for defense evasion.

The group threatens to report breaches to regulators and competitors while giving 72-hour response deadlines and five-day payment windows.

AiLock launders funds through peel chain patterns, directing the majority to the Wasabi mixer and routing smaller portions through FixedFloat.

AiLock victim funds deposited through Wasabi mixer. | Source: TRM Labs
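
The peel-chain cash-out pattern reported for APTLock and AiLock can be flagged with a simple heuristic over transaction data. This is an added example, not TRM Labs' methodology or code from the article; the transactions, address names, and the `min_hops` and `rel_tol` thresholds are constructed assumptions.

```python
from statistics import median

def build_sample(hops=12, start=10.0, peel=0.25):
    """Constructed data: address -> outputs [(to_addr, value_btc), ...] of its spend.
    All addresses and amounts are made up for illustration."""
    txs, balance = {}, start
    for i in range(hops):
        balance = round(balance - peel, 8)
        # Larger output is change to a fresh address; smaller is the peeled deposit.
        txs[f"addr{i}"] = [(f"addr{i + 1}", balance), (f"deposit{i}", peel)]
    # Unrelated ordinary payment, included as a negative case.
    txs["shop"] = [("supplier", 1.7), ("shop_change", 0.4)]
    return txs

def follow_peel_chain(txs, start_addr):
    """Walk two-output spends, treating the larger output as change.
    Returns [(destination, value)] for the smaller (peeled) output of each hop."""
    peels, addr, seen = [], start_addr, set()
    while addr in txs and addr not in seen:
        seen.add(addr)  # guard against cycles in malformed data
        outputs = txs[addr]
        if len(outputs) != 2:
            break  # not the one-peel-plus-change shape
        (change_addr, _), (dest, val) = sorted(outputs, key=lambda o: -o[1])
        peels.append((dest, val))
        addr = change_addr
    return peels

def looks_like_uniform_peel_chain(peels, min_hops=10, rel_tol=0.05):
    """Heuristic (assumed thresholds): a long chain whose peeled amounts all
    sit within rel_tol of their median, i.e. uniform-value deposits."""
    if len(peels) < min_hops:
        return False
    values = [v for _, v in peels]
    mid = median(values)
    return all(abs(v - mid) <= rel_tol * mid for v in values)

if __name__ == "__main__":
    sample = build_sample()
    for start in ("addr0", "shop"):
        chain = follow_peel_chain(sample, start)
        print(start, len(chain), looks_like_uniform_peel_chain(chain))
```

A real pipeline would also check whether the peeled destinations belong to the same service, which requires address attribution data that this sketch does not model.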

Emerging Groups Deploy Tactics From Encryption to Pure Extortion

Among other notable groups, Arkana Security gained prominence after breaching U.S. cable provider WideOpenWest in March 2025, employing a three-phase extortion strategy combining ransom demands, data sales, and public leaks.

The group's attacks range from phishing and credential theft to lateral movement across the network, and it doxxes executives by exposing their personally identifiable information.

Arkana funnels all victim proceeds into a single non-custodial exchange, creating potentially recoverable cash-out patterns.

Arkana Security deposits victim funds to a non-custodial exchange. | Source: TRM Labs

Also notable is Dire Wolf, which conducts targeted double-extortion attacks across the manufacturing, technology, healthcare, and construction sectors, primarily targeting the United States and Thailand.

The group deploys custom Golang ransomware that disables security tools and deletes recovery files, directing victims to live dark web chatrooms for negotiations.

Proceeds are also laundered through multiple deposits into non-custodial exchanges to avoid strict KYC procedures.

Dire Wolf depositing victim funds to a non-custodial exchange. | Source: TRM Labs

Similarly, Frag exploits the Veeam vulnerability rated CVSS 9.8, using compromised VPN credentials without multi-factor authentication to deploy ransomware with .frag extensions.

TRM assesses that Frag may be associated with the Akira ransomware group, as both utilize shared wallet clusters and identical payment services.

The group expanded from its first victim in February 2025 to claim 27 organizations by March, with 25 of these located in the United States.

At the other end of the spectrum, Kairos focuses solely on data exfiltration without encrypting files, purchasing network access from initial access brokers.

Sophos found that only half of ransomware attacks now involve encryption, the lowest level in six years.

TRM identified Kairos sharing cash-out addresses with SafePay, INC, Lynx, and Qilin ransomware groups, suggesting shared affiliate networks.

Deepfake Scams and Malware Campaigns Drain Millions From Users

Former Binance founder Changpeng Zhao recently issued urgent warnings following sophisticated deepfake Zoom attacks targeting the crypto community.

Japanese influencer Mai Fujimoto lost access to her MetaMask wallets after a 10-minute video call with an AI-generated impersonation of an acquaintance whose Telegram account had been compromised.

Mehdi Farooq, a former Animoca Brands investment partner, also lost years of savings when six wallets were drained after downloading fake Zoom software during a similar deepfake call.

@cz_binance warns against unofficial software after crypto influencer @misodanchan falls victim to deepfake Zoom hack that compromised MetaMask wallets through 10-minute AI-generated impersonation, part of 87 dismantled scam operations.#CZ #Deepfak…https://t.co/HMTdVwpCo0

— Cryptonews.com (@cryptonews) June 20, 2025

Crypto-stealing malware is spreading through fake AI, gaming, and Web3 startups with convincing websites, social media profiles, GitHub repositories, and team pages.

Darktrace identified schemes involving fake blockchain games, such as “Eternal Decay,” and startups including Pollens AI, Swox, and Buzzu.

The malware targets Windows and macOS users, stealing wallet credentials using Realst and Atomic Stealer families with advanced evasion techniques, including stolen software signing certificates.

As part of the ongoing war against the growing threat, Spanish authorities recently dismantled a crypto investment scam that defrauded over 200 victims out of more than €19 million using AI-generated celebrity videos to promote fake high-return ventures.

Investigators have arrested six individuals, aged 34 to 57, who face charges of fraud, money laundering, and document falsification.

The post AI Ransomware Attacks Surge as Groups Leverage Automation to Target Victims – Is Your Crypto Secure? appeared first on Cryptonews.

    Copyright © 2025 tradehavenhub.com | All Rights Reserved
