Technology
AI Supercharges Phishing And Ransomware Attacks Globally
Cybercriminals deploy artificial intelligence to craft convincing phishing emails, target supply chains, and escalate ransomware threats, leaving schools and businesses scrambling to adapt.
6 min read
In the fast-evolving world of cybercrime, schools, businesses, and managed service providers (MSPs) are finding themselves on the frontline of a new wave of attacks powered by artificial intelligence. The latest threat reports from leading cybersecurity firms reveal a striking reality: AI-driven phishing, ransomware, and supply chain attacks are not only more common, but they’re also more sophisticated and damaging than ever before.
On February 18, 2026, a comprehensive analysis by Dataminr, as reported in its “2026 Cyber Threat Landscape Report,” highlighted a dramatic shift in the cyber threat landscape over the past year. One in four modern data breaches now exploits a third-party vulnerability—up 20% in risk magnitude compared to direct internal attacks. These so-called “Vendor Pivot” breaches move at a breakneck pace, with 96% of vulnerabilities weaponized within the same year they’re disclosed. The fallout? Financial losses from a single breach can easily soar past $50 million, sometimes reaching as high as $100 million.
This isn’t just a problem for the private sector. According to reporting by Wired, K–12 schools have become a prime target for cybercriminals wielding generative AI. Attackers are now able to generate near-duplicate scam emails that slip past automated defenses. “It’s just similar enough that we can definitely feel the pain, but it’s different enough that the automation that we have in place cannot just find those and rip them out,” said Syn, an expert in education cybersecurity, to Wired. The real kicker? AI can scour the internet for personal and school-specific details, enabling attackers to impersonate superintendents and principals with chilling accuracy. These emails often reference real meetings or deadlines, creating a sense of urgency and tricking even the most vigilant staff into opening malicious attachments.
Clark, another cybersecurity specialist, explained to Wired that the traditional red flags—bad grammar, odd formatting, and obvious mistakes—are now largely gone. “AI removed all of that,” he said. “Today’s phishing emails look normal and relatable,” making even well-trained employees vulnerable. The culture of openness in K–12 education, combined with decentralized IT and limited resources, only amplifies the risk. “Schools are built on trust and openness, and attackers take advantage of that,” Clark warned.
The growing sophistication of AI-powered phishing isn’t limited to schools. On February 19, 2026, Acronis released its Cyberthreats Report for the second half of 2025, based on extensive telemetry from its global network. The findings were stark: phishing made up a staggering 83% of all email threats and accounted for 52% of attacks targeting MSPs. Email remains the primary entry route for attackers, but advanced attacks on collaboration platforms—think Slack, Teams, and Zoom—jumped from 12% in 2024 to 31% in 2025. Attackers are adapting their social engineering techniques to these new environments, making them “secondary attack channels” with growing impact, Acronis notes.
The report also revealed that cybercriminals are operationalizing AI across every stage of their attacks. This includes reconnaissance, social engineering, and even ransomware negotiations. Notably, criminal groups such as GLOBAL GROUP and GTG-2002 have deployed AI-driven systems to manage ransomware negotiations and conduct data exfiltration across multiple victims. In one especially disturbing trend, AI was used to create convincing “proof of life” images for virtual kidnapping scams, ratcheting up the psychological pressure on victims.
Gerald Beuchelt, Chief Information Security Officer at Acronis, summed up the new reality: “As cyber threats evolve at an accelerated pace, 2025 has shown that attackers are not only scaling traditional methods like phishing and ransomware, but are leveraging AI to act faster, more efficiently, and at greater scale.” Beuchelt emphasized that organizations must now anticipate threats, automate defenses, and build resilient systems to withstand both traditional and AI-driven attacks.
Ransomware remains a central threat. Acronis reported that nearly 150 MSP and telecom organizations were directly targeted in 2025, with more than 7,600 publicly disclosed victims worldwide. The United States bore the brunt, recording 3,243 victims—the highest total for any country. Manufacturing, technology, and healthcare sectors were the most frequently targeted, likely due to their operational complexity and the high cost of downtime. The rise of new ransomware groups such as Sinobi, TheGentlemen, and CoinbaseCartel signals that the threat is far from abating.
Supply chain and MSP-focused attacks are also on the rise. Attackers are exploiting remote monitoring and management tools like AnyDesk and TeamViewer, affecting over 1,200 third-party and supply chain victims. The US accounted for 574 of these incidents. Akira and Cl0p were named as leading actors in these supply chain attacks, which exploit the central role MSPs play in customer environments. Alarmingly, every MSP-platform vulnerability disclosed in 2025 was rated High or Critical.
Geographic patterns in cyberattacks are also emerging. According to Acronis, India, the US, and the Netherlands saw the highest rates of mass infection and lateral movement, while South Korea was the most malware-affected country, with 12% of users impacted. These trends reflect differences in attacker focus and opportunity across regions.
The Dataminr report further underscores the scale of the problem. In 2025, 30% of cyber intrusions were carried out using valid credentials—often stolen in phishing attacks—rather than traditional break-ins. Phishing remained the biggest intrusion vector in 60% of cases. AI-supported phishing campaigns represented over 80% of observed social engineering activity worldwide. The report also noted a positive trend: organizations are increasingly refusing to pay ransoms, with 63% declining payment in 2025, up from 59% in 2024. However, the financial impact of successful attacks has grown, with fewer but more devastating incidents.
So, what can be done? Syn, speaking to Wired, cautioned against relying solely on technology to outsmart AI-driven attacks. “If we just try the stalemate of ‘Can we one up the AI?’ we’re probably going to lose,” he said. Instead, he recommends schools and organizations lean into “human-only trust signals”—such as shared pass phrases or in-person verification—that AI can’t easily spoof. Clark added that layered technical defenses are still essential, including strong identity protection, continuous risk-based access controls, and advanced email and endpoint detection.
With AI voices and video footage becoming more convincing by the day, the challenge for defenders is only growing. Gartner’s recent predictions for 2026 emphasize the need for stronger governance and oversight of AI tools to reduce their security risks. While 94% of cybersecurity professionals believe AI can drive positive change, the consensus is clear: vigilance, adaptation, and a blend of human intuition and smart technology are the best hope for staying one step ahead.
The cyber battlefield is shifting at lightning speed, and as organizations scramble to defend themselves, the stakes—financial, operational, and human—have never been higher.
Sources
- AI-Driven Phishing Is Putting K–12 Schools at Risk — Technology Solutions That Drive Education
- AI-driven phishing surge dominates 2025 cyberattacks — SecurityBrief UK
- Report: 1 in 4 Data Breaches Exploit Third-Party Vulnerabilities - Tech.co — Tech.co