Cybercriminals have been turning to artificial intelligence (AI) to further their ransomware attacks, according to a new report by the Canadian Centre for Cyber Security (CCCS).
The new report, “Ransomware Threat Outlook 2025-27,” looks at the trends of ransomware crimes and its impact on Canadians and Canadian organizations. Ransomware is software used by hackers to gain access to a phone or other device and encrypt, steal or erase data and demand a payment or ransom to restore it, according to the CCCS.
Report author Rajiv Gupta, the head of CCCS, said in the document that the ransomware threat “continues to increase and evolve quickly,” adding that hackers are adopting “sophisticated tactics” for their cyber crimes.
Gupta noted that cyber criminals were now using AI to target victims and enter the ransomware ecosystem.
“Threat actors have been leveraging improvements in generative AI, particularly large language models, across various stages of ransomware attacks,” he wrote, adding the goal was to increase the “financial reward” of cyber crime.
He said AI helps cyber criminals by reducing the skills and resources they need. “With the rise of AI, these threats have become cheaper and faster to conduct and harder to detect,” the report notes.
Cybercriminals are using AI to develop malware, create “deepfakes,” automate negotiations with victims, conduct vulnerability research, and to implement social engineering strategies, according to Gupta.
The report says the centre saw an annual increase in the number of ransomware attacks of 26 percent between 2021 and 2024, and anticipates future increases.
“We assess that threat actors carrying out ransomware attacks will remain a significant threat to Canada in the next two years,” Gupta wrote in the report.
He added that the increase in ransomware incidents was expected to impact most sectors.
“Ransomware continues to stand out as one of the most disruptive, costly, and persistent challenges facing Canadian organizations of every size,” the report says.
In Canada, cyber crime actors have successfully used ransomware on various systems, including Nova Scotia Power, Toronto’s Hospital for Sick Children and the Public Library System in Toronto.
“Ransomware is big business. At a time when cybercriminals continue to target Canadian businesses, critical infrastructure, and government systems, education on this threat has never been more important,” Gupta said.
The centre said it has issued 336 pre-ransomware notifications to more than 300 Canadian organizations.
The report also noted that ransomware tactics have evolved, from initially using encryption to hide data from victims, to exfiltration-only attacks, which removes data or files from a system.
Criminals gain access to devices and systems through unpatched software, compromised credentials, phishing attacks, or remote desk protocol, the report said. These methods make businesses that do not have the ability to invest in information technology or cyber security training more vulnerable, Gupta wrote.
He added that “basic cyber hygiene practices” can help reduce the risk, including software updates, multi-factor authentication, backups, and being cautious about phishing attacks.
Friends Read Free
Copy
Facebook
Tweet
