The rapid advancement of Artificial Intelligence (AI) has not only become a focal point in the tech world but has also created new opportunities for cybercriminals to launch increasingly dangerous attacks.
According to a report by Bleeping Computer, Cisco Talos, Cisco's threat intelligence division, recently uncovered the activities of small-scale hacking groups posing as AI service providers. These deceptive tactics are used to distribute ransomware and malware in ways that are more sophisticated and harder to detect.
This strategy continues a trend that began last year, in which threat actors used deepfake content as bait to deliver malicious software. Now, similar methods are being adopted by information-stealing malware operators and ransomware groups to infiltrate corporate networks.
One of the newly identified tactics involves the ransomware known as CyberLock. This malicious software is distributed via a fake website, novaleadsai[.]com, which mimics the legitimate domain novaleads.app. Visitors are offered free access to an AI service for one year. However, instead of receiving the promised tool, victims unknowingly download a .NET-based loader that executes the ransomware.
Once activated, CyberLock encrypts data across various partitions and appends the extension .cyberlock to each locked file. The attackers demand a ransom of $50,000 in Monero cryptocurrency, claiming the funds will be donated to humanitarian causes.
Another variant, Lucky_Gh0$t, is derived from Yashma, which belongs to the Chaos ransomware family. It is disguised as a fake installer for “ChatGPT 4.0 Full Version Premium,” bundled with software mimicking Microsoft’s official tools to evade antivirus detection. Files smaller than 1.2 GB are encrypted with random extensions, while larger files are deleted and replaced with junk files of similar size.
Meanwhile, the Numero malware does not encrypt data but instead continuously disrupts the Windows graphical interface. The numbers “1234567890” appear on all windows and buttons, rendering the system unusable despite the data remaining intact.
These cases highlight how public excitement over AI is being exploited by cybercriminals. Techniques like SEO poisoning and malvertising are used to push fake websites to the top of search results, making it easy for unsuspecting users to fall victim.
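The CyberLock lure works because novaleadsai[.]com embeds the name of the legitimate novaleads.app under a different registrable domain. The following added example (not from the Talos report or any vendor tooling) flags that pattern in a constructed DNS query log; the log format, the function names and every hostname other than the two from the article are assumptions made for illustration.

```python
import re

# Registrable domains to protect. novaleads.app is the legitimate domain
# named in the article; extend the list with your own brands.
PROTECTED = ["novaleads.app"]

def refang(host):
    """Undo IoC defanging such as novaleadsai[.]com and normalise case."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def classify(observed, protected=PROTECTED):
    """Return (verdict, protected_domain) for one observed hostname."""
    host = refang(observed)
    # The protected domain itself and its subdomains are legitimate.
    for legit in protected:
        if host == legit or host.endswith("." + legit):
            return ("legitimate", legit)
    # Brand string embedded in any label of some other domain: lookalike.
    for legit in protected:
        brand = legit.split(".")[0]
        for label in host.split("."):
            # Drop separators so "nova-leads" matches "novaleads".
            if brand in re.sub(r"[-_]", "", label):
                return ("lookalike", legit)
    return ("unrelated", None)

# Constructed DNS query log (timestamp, client, queried name). Only
# novaleads.app and the defanged novaleadsai[.]com come from the article.
SAMPLE_LOG = """\
2025-01-01T09:00:01Z 192.0.2.10 novaleads.app
2025-01-01T09:00:04Z 192.0.2.11 docs.novaleads.app
2025-01-01T09:00:09Z 192.0.2.12 novaleadsai[.]com
2025-01-01T09:00:15Z 192.0.2.13 nova-leads.example
2025-01-01T09:00:21Z 192.0.2.14 novaleads.app.login.test
2025-01-01T09:00:30Z 192.0.2.15 example.org
"""

def scan(log_text):
    """Return (timestamp, client, host, imitated_domain) per lookalike hit."""
    hits = []
    for line in log_text.splitlines():
        ts, client, host = line.split()
        verdict, legit = classify(host)
        if verdict == "lookalike":
            hits.append((ts, client, refang(host), legit))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Substring matching of this kind catches brand-plus-suffix names and brand-as-subdomain tricks but not character-substitution typos, which need an edit-distance or homoglyph check on top.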
As such, digital threat awareness and cybersecurity education have become more important than ever. Both individuals and organizations must understand how cyberattacks work and learn to recognize early warning signs.
Strengthen Cyber Resilience with VELSICURO-CYBER RANGES™
VELSICURO-CYBER RANGES™ offers comprehensive training solutions based on real-world cyberattack simulations. Through scenarios like Malware Traffic Analysis, Network Compromise to Ransomware Attack, and hundreds of others, participants can enhance their technical readiness to face actual cyber threats.
Why Choose VELSICURO-CYBER RANGES™?
✔️ Hands-on simulation with real-world attack scenarios
✔️ Structured and intensive cyber drills
✔️ Access to 900+ threat simulation scenarios
✔️ Guidance from certified cybersecurity experts
IT’S TIME!
INDONESIA PRIDE!
"Merah Putih" CYBER DEFENDER
SEE THE DIFFERENT, EXPECT THE BEST!
BOOST YOUR CYBER SKILLS!
Together with VELSICURO-CYBER RANGES™, let’s build Indonesia’s Golden Generation in the digital era!
Contact VelSicuro today:
🌐 www.cyberranges.velsicuro.com
✉️ hub@velsicuro.co.id
☎️ +62 878 9090 8898