Malware devs abuse Anthropic’s Claude AI to build ransomware
Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. [...]
Stay updated on cyber extortion trends: threats, prevention tips, and incident responses. Protect your data with the latest info on digital ransom tactics.
Search across headline titles and summaries.
Background for this topic.
Extortion is coercion through threats: an attacker demands money or another concession while threatening harm if the victim refuses. In cybersecurity, this commonly involves encrypting systems and demanding payment for recovery, stealing data and threatening to publish it (often called double extortion), or threatening service disruption. The threatened harm may be real, exaggerated, or based on data the attacker did not actually obtain; payment does not guarantee data deletion, secrecy, or restoration.
Security teams should treat an extortion demand as a potential incident: preserve evidence, isolate affected systems, determine whether data was accessed, and involve legal and privacy specialists where notification or regulatory duties may apply. Offline, tested backups can reduce leverage from encryption, but they do not address stolen information. Reviewing exposed remote services, credentials, and unpatched internet-facing systems can help contain the access path, while threat intelligence may help assess the attacker’s claims and identify related activity.
Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. [...]
Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion. [...]
The company said the threat actor abused its Claude Code service to "an unprecedented degree," automating reconnaissance, intrusions, and credential harvesting.
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025
Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. [...]
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages