Rise of AI in Cybercrime: How ChatGPT is revolutionizing ransomware attacks and what your business can do

June 13, 2023  |  Mark Stone

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

OpenAI's flagship product, ChatGPT, has dominated the news cycle since its unveiling in November 2022. In only a few months, ChatGPT became the fastest-growing consumer app in internet history, reaching 100 million users as 2023 began.

The generative AI application has revolutionized not only the world of artificial intelligence but is impacting almost every industry. In the world of cybersecurity, new tools and technologies are typically adopted quickly; unfortunately, in many cases, bad actors are the earliest to adopt and adapt.

This can be bad news for your business, as it escalates the degree of difficulty in managing threats. 

Using ChatGPT’s large language model, anyone can easily generate malicious code or craft convincing phishing emails, all without any technical expertise or coding knowledge. While cybersecurity teams can leverage ChatGPT defensively, the lower barrier to entry for launching a cyberattack has both complicated and escalated the threat landscape.

Understanding the role of ChatGPT in modern ransomware attacks

We’ve written about ransomware many times, but it’s crucial to reiterate that the cost to individuals, businesses, and institutions can be massive, both financially and in terms of data loss or reputational damage.

With AI, cybercriminals have a potent tool at their disposal, enabling more precise, adaptable, and stealthy attacks. They're using machine learning algorithms to simulate trusted entities, create convincing phishing emails, and even evade detection.

The problem isn't just the sophistication of the attacks, but their sheer volume. With AI, hackers can launch attacks on an unprecedented scale, exponentially expanding the breadth of potential victims. Today, hackers use AI to power their ransomware attacks, making them more precise, adaptable, and destructive.

Cybercriminals can leverage AI for ransomware in many ways, but perhaps the easiest is more in line with how many ChatGPT users are using it: writing and creating content. For hackers, especially foreign ransomware gangs, AI can be used to craft sophisticated phishing emails that are much more difficult to detect than the poorly-worded message that was once so common with bad actors (and their equally bad grammar). Even more concerning, ChatGPT-fueled ransomware can mimic the style and tone of a trusted individual or company, tricking the recipient into clicking a malicious link or downloading an infected attachment.

This is where the danger lies. Imagine your organization has the best cybersecurity awareness program, and all your employees have gained expertise in deciphering which emails are legitimate and which can be dangerous. Today, if the email can mimic tone and appear 100% genuine, how are the employees going to know? It’s almost down to a coin flip in terms of odds.

Furthermore, AI-driven ransomware can study the behavior of the security software on a system, identify patterns, and then either modify itself or choose the right moment to strike to avoid detection.

Trends and patterns in ChatGPT-themed cybercrimes

While the vast majority of people use ChatGPT for benign or beneficial purposes, the notable uptick in ChatGPT-themed suspicious activities is cause for concern. These threats include the creation of malicious code, phishing schemes, and of course ransomware — often exploiting the advanced capabilities of ChatGPT to enhance their effectiveness.

The majority of patterns and trends in these activities are not ransomware-related; however, they provide invaluable insights for security experts to proactively respond to these challenges.

Creation of malware using ChatGPT

A self-proclaimed novice reportedly created a powerful data-mining malware using just ChatGPT prompts within a few hours.

ChatGPT imposters

Malware operators and spammers read the news, too, and are following trends and high-engagement topics, leading to an increase in malicious ChatGPT imposters.

Malware campaigns using ChatGPT

ChatGPT is everywhere. Meta took steps to take down more than 1,000 malicious URLs that were found to leverage ChatGPT.

Cybercriminals using ChatGPT

ChatGPT cybercrime is popular with hackers. A thread named ChatGPT – Benefits of Malware” appeared on a popular underground hacking forum, indicating that cybercriminals are starting to use ChatGPT.

ChatGPT-themed lures

Watch out: hackers are using ChatGPT-themed malware to take over online accounts.

ChatGPT phishing attacks

Finally, these phishing attacks are the most concerning for organizations defending against ransomware. The ChatGPT Banker” phishing attack involves fake webpages and a trojan virus.

Copycat Chatbots and their threat to Cybersecurity

The success and visibility of OpenAI's ChatGPT inevitably leads to another cybersecurity concern — the rise of copycat chatbots. These are AI models developed by other groups or individuals seeking to mimic the functionalities and capabilities of ChatGPT, often with less stringent ethical guidelines and fewer protective measures.

There are two key issues that arise from these imitation chatbots. First, they often lack the advanced protective guardrails that have been incorporated into ChatGPT, leaving them more open to misuse. These bots could easily become tools for generating malicious code, crafting phishing emails, or designing ransomware attacks.

Next, these copycat chatbots are frequently hosted on less secure platforms, which may be susceptible to cyber-attacks. Hackers could potentially compromise these platforms to gain control of the chatbots and manipulate their capabilities for nefarious purposes.

Copycat chatbots present the risk of amplifying misinformation and fostering cybercrime. As they lack the same level of scrutiny and oversight as ChatGPT, they could be used to disseminate deceptive content on a large scale.

Proactive measures you can take to combat AI-enhanced ransomware threats

Despite the escalating threat, the outlook is not hopeless.

As always, good security hygiene can go a long way in bolstering your defenses. The advice hasn’t changed, but it bears repeating.

Regular updates and patches: Ensure that all your software, including your operating system and applications, are up to date.

Avoid suspicious emails/links: Be wary of emails from unknown sources and don't click on suspicious links. Remember, AI can be used to mimic trusted contacts.

Back up your data: Regularly backing up data is a simple yet effective way of mitigating the potential damage of a ransomware attack. The more data you have backed up, the easier it is to recover from a potential disaster.

Promote a culture of security awareness: Learn about the latest threats and techniques used by hackers. The better your company and all employees understand these tactics, the easier it will be to recognize and avoid potential threats.

If you do fall victim to a ransomware attack, don't panic. Disconnect from the internet, report the incident to local authorities, and consider seeking professional help to mitigate the damage. In most cases, paying the ransomware is not recommended.

While AI can pose a threat when in the hands of hackers, it can also be a potent ally in your defense. AI-driven cybersecurity solutions are becoming more prevalent and can help you combat these advanced threats. These solutions use machine learning to recognize patterns, anticipate threats, and respond in real-time. By adopting AI-based security tools, you're not just reacting to cyber threats, but proactively defending against them.

How AT&T Cybersecurity can help defend against ransomware

If your company lacks cybersecurity expertise, you may consider hiring trusted and experienced consultants to help you out. Take control by proactively making your company a place that cybercriminals do not want to visit.

With AT&T Cybersecurity incident response service, youll be well-positioned to:

  • Prevent data breaches
  • Quickly respond to attacks and mitigate impact
  • Minimize impacts of a potential breach
  • Quickly analyze and recover from the breach
  • Mitigate security risk
  • Improve incident response
  • Leverage an all hands on deck” approach, which includes in-depth digital forensic analysis, breach, support and compromise detection

Share this with others

Featured resources


Insights Report

2023 AT&T Cybersecurity Insights Report: Edge Ecosystem



2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

Get price Free trial