AI-Powered Ransomware Surge: A 389% Spike in Global Victims in 2025
Fortinet’s 2026 Global Threat Landscape Report reveals a staggering 389% year-over-year increase in confirmed ransomware victims, with attacks rising from 1,600 in 2024 to 7,831 in 2025. The surge is driven by the proliferation of AI-powered cybercrime tools, such as WormGPT, FraudGPT, and BruteForceAI, which have lowered the barrier to entry for threat actors. These tools, sold openly on dark web marketplaces, enable even low-skilled attackers to launch sophisticated campaigns, transforming ransomware into a structured, end-to-end criminal operation.
FortiGuard Labs’ telemetry data, mapped across the MITRE ATT&CK framework, shows that cybercrime networks now rely on access brokers, botnet operators, and shadow agents to accelerate attacks. The time-to-exploit (TTE) window has collapsed, with critical vulnerabilities now targeted within 24–48 hours down from an average of 4.76 days. A real-world example includes the React2Shell vulnerability, which saw active exploitation attempts within hours of disclosure.
The manufacturing sector suffered the highest impact, with 1,284 confirmed victims, followed by business services (824) and retail (682). Geographically, the U.S. led with 3,381 victims, trailed by Canada (374) and Germany (291), reflecting the financial attractiveness of these targets.
A key driver of the ransomware surge is the rise of AI-powered stealer malware, which now dominates dark web data markets. Stealer logs accounting for 67.12% of all shared datasets provide attackers with full browser sessions, cookies, and authentication tokens, enabling immediate impersonation of victims. RedLine malware led with 911,968 infections (50.8% of stealer activity), followed by Lumma (499,784) and Vidar (236,778). The availability of these logs surged 79% in 2025, compounding a 500% increase from the previous year, making credential-based intrusions faster and harder to detect.
Source: https://cybersecuritynews.com/ransomware-victims-jump-to-7831-as-ai-crime-tools/
Fortinet cybersecurity rating report: https://www.rankiteo.com/company/fortinet
"id": "FOR1777631025",
"linkid": "fortinet",
"type": "Ransomware",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '1,284',
'industry': 'Manufacturing',
'location': 'Global',
'type': 'Sector'},
{'customers_affected': '824',
'industry': 'Business Services',
'location': 'Global',
'type': 'Sector'},
{'customers_affected': '682',
'industry': 'Retail',
'location': 'Global',
'type': 'Sector'},
{'customers_affected': '3,381',
'location': 'United States',
'type': 'Country'},
{'customers_affected': '374',
'location': 'Canada',
'type': 'Country'},
{'customers_affected': '291',
'location': 'Germany',
'type': 'Country'}],
'attack_vector': ['AI-powered cybercrime tools',
'Stealer malware',
'Credential-based intrusions'],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Browser sessions',
'Cookies',
'Authentication tokens']},
'date_publicly_disclosed': '2026',
'description': 'Fortinet’s 2026 Global Threat Landscape Report reveals a 389% '
'year-over-year increase in confirmed ransomware victims, '
'driven by AI-powered cybercrime tools like WormGPT, FraudGPT, '
'and BruteForceAI. These tools enable low-skilled attackers to '
'launch sophisticated campaigns, transforming ransomware into '
'a structured criminal operation. The manufacturing sector was '
'hardest hit, with the U.S. leading in victim count.',
'impact': {'data_compromised': ['Browser sessions',
'Cookies',
'Authentication tokens'],
'identity_theft_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
'entry_point': 'Credential-based intrusions'},
'motivation': ['Financial gain', 'Data exfiltration'],
'post_incident_analysis': {'root_causes': ['AI-powered cybercrime tools',
'Stealer malware proliferation',
'Collapsed time-to-exploit '
'window']},
'ransomware': {'data_encryption': 'Yes', 'data_exfiltration': 'Yes'},
'references': [{'source': 'Fortinet’s 2026 Global Threat Landscape Report'}],
'threat_actor': ['Access brokers', 'Botnet operators', 'Shadow agents'],
'title': 'AI-Powered Ransomware Surge: A 389% Spike in Global Victims in 2025',
'type': 'Ransomware',
'vulnerability_exploited': ['React2Shell vulnerability']}