Ransomware Is Down. So Why Is Cybercrime Up?
The Commoditization of AI-Powered Threats Is Reshaping Cybercrime
For years, ransomware has dominated headlines, holding businesses hostage and netting cybercriminals billions. But for the first time in years, ransomware payments are dropping—down nearly 35% in 2024.
When I read this statistic a couple weeks ago, I was encouraged and slightly confused. This should be a win, right? Stronger defenses, better backups, law enforcement takedowns and a growing refusal to pay ransoms mean that the bad guys are making less money. Unfortunately (and as mentioned in this Substack before), the best way to get someone to build a 15-foot ladder is to build a 14-foot-high wall. And in the wake of ransomware mitigation's increasing effectiveness, ransomware groups have been forced to adapt.
So what does that mean for cybercrime? Well, by the numbers, it looks like cybercrime isn't slowing down. It's accelerating.
In 2025, cybercrime damages are expected to hit $10.5 trillion annually, up from approximately $8 trillion in 2023 and representing a faster growth rate than global GDP. Instead of stopping, cyberattacks have evolved. Instead of high-risk, high-reward ransomware operations, attackers are now shifting to scalable, AI-driven threats that maximize speed and volume.
AI (new, repeatable) + tried-and-true tactics (old) = wider spread, more effective attack vectors.
This week, we're going to take a look at how cybercrime's shifts mean that while ransomware is down (and that's a good thing), we can expect to see an uptick in malicious actor activity this year.
A note: this week's data-driven writeup has a bunch of different links and reference documents. If there's a specific threat vector you're curious about or want to deep dive into, please let me know in the comments!
The AI-Powered Evolution of Cybercrime
We've discussed this previously in this Substack, but cybercriminals no longer rely on manual attacks. AI is doing the heavy lifting—and it's reshaping cybercrime at every level.
AI-Generated Phishing & Deepfakes
Attackers are using generative AI to craft near-perfect phishing emails, bypassing security filters and fooling even seasoned professionals. Deepfake voice scams are on the rise, with one Hong Kong firm losing $25 million in a synthetic voice scam impersonating their CEO.
Cybercrime-as-a-Service (CaaS) Makes Hacking Easy
Hacking no longer requires technical expertise. For as little as $50, cybercriminals can purchase phishing-as-a-service kits, complete with AI-generated emails and tools to bypass MFA. That means that the ransomware groups' Ransomware as a Service (RaaS) business model is moving towards a broader swath of attack patterns—turning attacks into an on-demand business model.
AI-Powered Malware & Automated Attacks
AI-enabled malware is autonomously adapting to evade detection. AI-driven bots scan networks in real time, identifying vulnerabilities faster than human defenders can respond. Security researchers have already observed malware that modifies itself mid-attack, rendering most of our existing approaches to defense toothless. All the way back in late 2023, BlackMamba malware demonstrated the ability to dynamically alter its code signature and behavior based on the security environment it detected, evading even advanced EDR solutions by "learning" from detection attempts.
What's clear is that attackers are changing their strategy. Instead of targeting a few big victims for ransom, cybercriminals are prioritizing speed, automation, and mass exploitation—infiltrating thousands of organizations at once with minimal effort.
Why the Shift? Cybercrime's Efficiency Problem
Ransomware worked, but it wasn't efficient. Attacks took months of planning—gaining access, exfiltrating data, encrypting systems, negotiating payments. The risk was high, and the payout was uncertain.
AI eliminates those inefficiencies. Instead of a high-risk, high-reward strategy (did someone say "big game hunting?") like ransomware, attackers are moving to low-effort, high-volume campaigns—phishing, identity theft, cloud breaches—that scale infinitely.
Take Business Email Compromise (BEC) as an example, which is now surpassing ransomware in total financial losses. With generative AI, attackers no longer have to manually craft emails. AI writes them, mimics entire conversations, and even generates synthetic voices for follow-up calls.
Then there's cloud-based AI model hijacking—where attackers target enterprise AI deployments that lack proper security controls. Compromised AI models can be exploited to exfiltrate sensitive data, manipulate outputs, or disrupt operations. This happened with DeepSeek, and it's happening in plenty of other places too.
The bottom line? Cybercriminals are automating everything. So how the heck are we going to keep up?
Industry-Specific Impacts
Different sectors are experiencing unique challenges in this evolving threat landscape. Healthcare organizations face AI-generated attacks that target PHI with unprecedented precision, while financial institutions battle sophisticated fraud schemes that combine deepfakes with stolen credentials.
Manufacturing and critical infrastructure are seeing more targeted operational technology (OT) attacks that leverage AI to identify control system vulnerabilities that would have previously required insider knowledge. Point being, each industry requires tailored defenses that account for their specific digital ecosystems and regulatory requirements.
How Security Teams Should Adapt
AI-driven threats demand a shift in security strategy. Traditional approaches—static rules, signature-based detection, perimeter defenses—won't work against adversaries who can rewrite attack code in milliseconds.
Zero Trust Needs to Be the Default
AI-powered threats mean implicit trust is dead. Organizations must assume every request is malicious until verified. Continuous authentication, adaptive access controls, and behavioral analytics are now a must.
AI-Driven Defense Needs Parity Against AI-Driven Attacks
Attackers aren't making noise—they're slipping in quietly, learning, waiting. Low-and-slow intrusions, automated reconnaissance, and AI-assisted evasion tactics are already here. The days of signature-based detection and static rule sets are over. Defenders need to move at machine speed, not just react.
AI-powered security solutions must do more than just claim intelligence. They need to detect AI-assisted intrusion attempts before they gain a foothold, identify subtle behavioral anomalies in real-time instead of days later, and automate response workflows that counteract threats before they escalate.
The security industry is quick to market AI as a solution, but it's time to prove it can actually keep up. If attackers are evolving their tactics, security must evolve faster.
Security Awareness Step Function
Most security training still teaches employees to spot outdated threats—typos in phishing emails, broken English, suspicious URLs. AI-generated threats don't make those mistakes. Organizational training should enable employees to recognize deepfake scams, synthetic voices, and AI-driven fraud tactics.
The Future of Cybercrime: A Strategic Shift in Defense
Cybercriminals are scaling operations with AI, but security teams aren't powerless. The same advancements that enable faster, more adaptive attacks can be leveraged for defense, resilience, and proactive security.
The focus needs to shift from reacting to anticipating—leveraging AI not just for detection but for predictive security, automated response, and real-time anomaly detection.
What Organizations Can Do Now:
Invest in AI-Driven Security – Attackers are already automating their methods; security teams need to do the same. AI-powered detection and automated response will be critical to staying ahead.
Prioritize Security Hygiene – Strong fundamentals (Zero Trust, access controls, encryption, continuous monitoring) still matter. AI won’t replace the basics—it will enhance them.
Redefine Cyber Awareness – Phishing training needs to evolve beyond spotting typos. Employees must be trained on deepfake detection, synthetic voice scams, and AI-driven social engineering tactics.
Collaborate and Adapt – Threat intelligence sharing will be essential. Organizations that stay informed and adapt quickly will have a significant advantage.
This isn’t about AI vs. AI—it’s about using the right technology and strategies to build resilient security operations. The companies that integrate AI-driven security, strong risk management, and adaptive awareness will thrive in this new landscape.
The goal isn’t just to defend against today’s threats, it’s to build security programs that can handle whatever comes next.
One Final Thought
Capabilities that were once the preserve of nation-states are becoming increasingly commonplace. AI has lowered the barrier to entry for cybercrime, increasing the speed and scale of attacks.
The good news? We're not defenseless. While cybercriminals are scaling their operations with AI, defenders have access to the same tools—and when used strategically, they can tip the balance back in our favor. Security isn't about playing catch-up; it's about anticipating, adapting, and automating faster than attackers can evolve.
Yes, the nature of cybercrime is shifting, but that doesn't mean organizations are doomed to fall behind. From new vendors like DropzoneAI and Prophet, to IBM using Watson for cybersecurity (notably a 60% reduction in mean time to detect and a 30% drop in false positives), success stories are beginning to emerge. It’s early days, but the future is looking bright.
We’re seeing glimpses of success in AI-driven security that is strengthening fundamental defenses, and by evolving security awareness beyond outdated training, we can make attacks more expensive, more difficult, and ultimately less effective. The threats are getting smarter, but so are we.
Cybersecurity has always been an arms race. The organizations that take a proactive stance—leveraging AI for detection, response, and continuous learning—won't just keep up; they'll define what security looks like in this new era. The goal isn't to win a single battle—it's to stay resilient, prepared, and always one step ahead.
Stay secure, stay curious, my friends.
Damien