Malware devs abuse Anthropic’s Claude AI to build ransomware
Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. [...]
MathWorks, a leading developer of mathematical simulation and computing software, revealed that a ransomware gang stole the data of over 10,000 people after breaching its network in April. [...]
Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion. [...]
Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems. [...]
Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI). [...]