AI tools becoming hot commodities on ransomware marketplaces

CSO Online | Security at the speed of business [Unofficial] June 5, 2026

Sales of AI-based tools are accelerating within underground ransomware marketplaces, lowering the barrier to entry for new actors in the process.

An analysis of Telegram channels, 20 dark web forums, and five underground markets by anti-ransomware platform vendor Halcyon found that AI utility posts grew to 1,486 in February 2026, up from just 38 in December 2025.

The AI tools for sale divided into four categories:

  • Weaponized LLMs: Sometimes called dark LLMs, these tools omit the safety guardrails and rules present in legitimate large language models (LLMs). “WormGPT” is the market leader in this category of cybercrime-focused AI tooling but only as a brand used by multiple operators, some of which are straightforward scams that collect payments without offering any service.
  • AI-enabled identity fraud: Tools in this category include voice and video-enabled deepfakes, created using AI, that are used to fool selfie-based recognition systems and other know your customer (KYC) security controls, among other fraudulent applications. The same tools can also be used as part of business email compromise scams.
  • AI-augmented malware and attack infrastructure: AI-driven infrastructure is being used to aggregate, process, and exfiltrate stolen data more efficiently.
  • Jailbroken and stolen AI services: Hacked AI accounts are the largest category of services offered and the cheapest.

Halcyon estimates that ransomware attacks have grown in volume by 20% since 2023 with an increased focus on targeting smaller enterprises, which now comprise 80% of attacks.

During a keynote presentation at Infosecurity Europe, Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center, told delegates that the largest ransomware operators — such as Akira — are increasingly operating the same business models as legitimate vendors by selling services and infrastructure to their clients and affiliates. The main difference is that the goods on offer are exploits and stolen credentials rather than the legitimate goods sold through legitimate marketplaces.

Ransomware groups routinely sell through multiple channels, thereby creating redundancy in the event that any channel is taken down. Their services are often offered with tiered pricing, and are commonly available with a freemium model popularised by legitimate web services. Telegram bot-driven channels are automating the process of sales and marketing, while AI-based utilities are being applied by cybercriminals to offer customer service.

“Modern ransomware operators don’t need to build their operations from scratch,” said Kaiser, the former deputy assistant director of the FBI’s Cyber Division, who added that the skill level required from would-be cybercriminals has dropped.

Dishonour among thieves

All this may seem impressive, but Kaiser noted that criminal operational security (OpSec) is weaker than it looks.

“Criminal AI markets have a theft problem [because] black hats are attacking each other,” Kaiser said.

For example, credentials from one WormGPT instance were stolen by rival cybercriminals and dumped back onto the same forum that originally sold access to the malign AI-based utility.

Such disruption aside, the greater use of AI tooling is one sign that the underground ransomware scene has professionalised, not least by making it easier to run multiple attacks at scale.

Raking it in

According to separate research from Rapid7, ransomware is becoming more profitable, up 39% between Q1 2025 and Q1 2026.

The Qilin ransomware group made an estimated $193 million between July 2025 and March 2026. And The Gentleman, which is just behind Qilin as the biggest ransomware group, made an estimated $52 million between July 2025 and March 2026, according to Rapid7.

Rapid7’s analysis is based on average ransom payments and payment rates from CoveWare, a ransomware and cyber extortion incident response firm.

Thom Langford, CTO EMEA at Rapid7, said that the ransomware ecosystem has evolved into a mature underground marketplace where access, tooling, and full attack services are now commercially available to almost anyone.

Langford added that AI-based social engineering, primarily to craft more convincing phishing lures, is widely used.

Marketplaces offer an a la carte menu where cybercriminals can contract services for initial access, exfiltration, or negotiation with victims, according to Langford, who added that many if not all of the principal players in the ransomware scene “speak Russian.”

Countermeasures

Law enforcement takedowns are curtailing the growth of ransomware operations, but businesses also need to play their part in defence, Halcyon advises.

Enterprises should concentrate on measures such as stopping initial access, detecting lateral movement, and disrupting exfiltration and encryption. Companies can also build resilience through tabletop exercises, Kaiser concluded.
