As SMEs increasingly adopt AI tools and streamline their operations, cybercriminals are seizing the opportunity to deploy ransomware through deceitful campaigns.
According to a recent Cisco Talos report, attackers are embedding malware into counterfeit applications that mimic popular services, pose as legitimate AI software providers.
Research by the US Chamber of Commerce and Teno reveals that using at least one AI-powered product and 40% leverage 40% of small businesses, these malicious lures are an increasing threat to sole owners and boutique companies.
Researchers at Cisco Talos warn that such tactics not only put sensitive data and financial assets at risk, but also erode trust in legitimate AI markets.
Cybercriminals exploit the popularity of AI
The refinement of these attacks is evident in how cybercriminals create fake websites and software installers that resemble trustworthy brands.
In one instance, a malicious website mimicked the lead monetization service Nova Leads, offering a fictional “Nova Lead AI” product with a promise of deceptive “free access” for 12 months.
Once installed, users unconsciously deployed Cyberlock ransomware. This spreads across the network and leaves a ransom memo asking for $50,000 in cryptocurrency.
MalwareBytes reports that the attacker falsely claimed altruistic motivation and said the payments were in favor of groups affected by the conflict zone.
In addition to risk, fraudulent sites have leveraged SEO addiction technology to rank them highly in search results, increasing the likelihood that unsuspecting victims will stumble.
Similarly, another attack disguised Lucky_Gh0 $TRANSOMWARE as “CHATGPT 4.0 full version Premium.exe”. We blended Microsoft’s legitimate open source AI tools in the installer to avoid antivirus detection.
New threats
The third campaign revealed by Talos introduced a new malware called “numero,” built into software that mimics the popular video generation tool Invideo AI.
Although not classified as ransomware, Numero is unable to use the system, poses a serious operational threat.
These cases highlight the broader trends of cybercriminals harnessing the AI ​​boom and target small and medium-sized businesses keen to adopt innovative solutions.
The double risk lies both in the immediate compromise of the system and in the long-term damage to the trust of digital tools essential to the growth of modern business.
Protecting small and medium-sized businesses from these threats requires a proactive cybersecurity stance.
Prevention prioritizes prevention, businesses must patch vulnerabilities in software for the Internet, and secure remote access tools such as RDP and VPN with strong credentials or disable unused services to protect them.
Deploying always-on endpoint protection software allows you to intercept threats before they can break into your network. Maintaining offsite backups ensures data recovery without paying for ransoms.
Regular testing of these backups is essential for a quick repair. Finally, it is essential to thoroughly remove all traces of the malware and attacker entry points to prevent recurrence after an attack.
By continuing to be vigilant and adopting these technical safeguards, small businesses can navigate their digital landscapes with greater resilience to the evolving threats of ransomware hidden behind the promise of AI innovation.
To upgrade your cybersecurity skills, get diamond membership online with over 150 practical cybersecurity courses. Please register here
