Trade Haven Hub - Investing and Stock News

AI Ransomware Attacks Surge as Groups Leverage Automation to Target Victims – Is Your Crypto Secure?

October 7, 2025

Artificial intelligence (AI) has lowered the barrier to entry for cybercriminals, enabling ransomware groups to automate coding, generate polymorphic malware that alters its code with each infection, and create convincing social engineering lures, according to blockchain intelligence firm TRM Labs.

Nine emerging groups identified in the past 12 months have leveraged AI to scale their operations rapidly, with some shifting away from encryption to rely on reputational damage, regulatory pressure, and data leaks for extortion.

Global crypto scam losses surged to $4.6 billion in 2024, with at least 87 AI-driven scam rings dismantled in the first quarter of 2025 alone.

According to Ari Redbord, Global Head of Policy at TRM Labs, “the line between financially motivated groups and state-linked actors is also becoming increasingly blurred”, with state-sponsored actors collaborating with cybercriminals to pool resources.

Most notably, TRM identified APTLock, which conducts destructive attacks that encrypt and delete data while defacing systems, as linked to the Russian state-sponsored group Fancy Bear.

The group launders proceeds through long peel chains with dozens of uniform-value deposits into a non-custodial exchange, FixedFloat, before converting to Monero.

AiLock, first identified in April 2025, deliberately markets itself as AI-assisted and employs polymorphic malware for defense evasion.

The group threatens to report breaches to regulators and competitors while giving 72-hour response deadlines and five-day payment windows.

AiLock launders funds through peel chain patterns, directing the majority to the Wasabi mixer and routing smaller portions through FixedFloat.

AiLock victim funds deposited through Wasabi mixer. | Source: TRM Labs

Emerging Groups Deploy Tactics From Encryption to Pure Extortion

Among other notable groups, Arkana Security gained prominence after breaching U.S. cable provider WideOpenWest in March 2025, employing a three-phase extortion strategy combining ransom demands, data sales, and public leaks.

The group's attacks range from phishing to credential theft and lateral movement across the network, and it doxxes executives by exposing their personally identifiable information.

Arkana funnels all victim proceeds into a single non-custodial exchange, creating potentially recoverable cash-out patterns.

Arkana Security deposits victim funds to a non-custodial exchange. | Source: TRM Labs

Dire Wolf, another notable group, conducts targeted double-extortion attacks across the manufacturing, technology, healthcare, and construction sectors, primarily targeting the United States and Thailand.

The group deploys custom Golang ransomware that disables security tools and deletes recovery files, directing victims to live dark web chatrooms for negotiations.

Proceeds are also laundered through multiple deposits into non-custodial exchanges to avoid strict KYC procedures.

Dire Wolf depositing victim funds to a non-custodial exchange. | Source: TRM Labs

Similarly, Frag exploits the Veeam vulnerability rated CVSS 9.8, using compromised VPN credentials without multi-factor authentication to deploy ransomware with .frag extensions.

TRM assesses that Frag may be associated with the Akira ransomware group, as both utilize shared wallet clusters and identical payment services.

The group expanded from its first victim in February 2025 to claim 27 organizations by March, with 25 of these located in the United States.

By contrast, Kairos focuses solely on data exfiltration without encrypting files, purchasing network access from initial access brokers.

Sophos found that only half of ransomware attacks now involve encryption, the lowest level in six years.

TRM identified Kairos sharing cash-out addresses with SafePay, INC, Lynx, and Qilin ransomware groups, suggesting shared affiliate networks.

Deepfake Scams and Malware Campaigns Drain Millions From Users

Former Binance founder Changpeng Zhao recently issued urgent warnings following sophisticated deepfake Zoom attacks targeting the crypto community.

Japanese influencer Mai Fujimoto lost access to her MetaMask wallets after a 10-minute video call with an AI-generated impersonation of an acquaintance whose Telegram account had been compromised.

Mehdi Farooq, a former Animoca Brands investment partner, also lost years of savings when six wallets were drained after downloading fake Zoom software during a similar deepfake call.

@cz_binance warns against unofficial software after crypto influencer @misodanchan falls victim to deepfake Zoom hack that compromised MetaMask wallets through 10-minute AI-generated impersonation, part of 87 dismantled scam operations. #CZ #Deepfak… https://t.co/HMTdVwpCo0

— Cryptonews.com (@cryptonews) June 20, 2025

Crypto-stealing malware is spreading through fake AI, gaming, and Web3 startups with convincing websites, social media profiles, GitHub repositories, and team pages.

Darktrace identified schemes involving fake blockchain games, such as “Eternal Decay,” and startups including Pollens AI, Swox, and Buzzu.

The malware targets Windows and macOS users, stealing wallet credentials using Realst and Atomic Stealer families with advanced evasion techniques, including stolen software signing certificates.

As part of the ongoing war against the growing threat, Spanish authorities recently dismantled a crypto investment scam that defrauded over 200 victims out of more than €19 million using AI-generated celebrity videos to promote fake high-return ventures.

Investigators have arrested six individuals, aged 34 to 57, who face charges of fraud, money laundering, and document falsification.

The post AI Ransomware Attacks Surge as Groups Leverage Automation to Target Victims – Is Your Crypto Secure? appeared first on Cryptonews.

    Copyright © 2025 tradehavenhub.com | All Rights Reserved
