• Neeve
  • Posts
  • 🤖 80% of Ransomware Now AI-Powered

🤖 80% of Ransomware Now AI-Powered

Plus automotive manufacturing hit with historic economic loss, and critical vulnerability discovered in building energy systems.

Author

Alison Bridge
October 28, 2025

Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

🤖 AI-Powered Ransomware Now Behind 80% of All Attacks

The cybersecurity landscape has entered an unprecedented era as MIT Sloan and Safe Security research reveals a shocking statistic: 80% of ransomware attacks now utilize artificial intelligence, representing a fundamental shift to autonomous, adaptive threats that evolve in real-time.

  • The first confirmed AI-powered ransomware, PromptLock, discovered in August 2025, uses large language models to generate unique malicious scripts for each attack, making detection nearly impossible.

  • FunkSec ransomware group targeted 120+ organizations across government, defense, and education sectors using AI-assisted malware development—demonstrating how AI lowers the barrier to entry for technically inexperienced cybercriminals.

  • AI transforms attacks through enhanced reconnaissance that autonomously scans security perimeters, adaptive encryption that dynamically modifies algorithms, and polymorphic capabilities that evade signature-based detection.

  • Average ransomware costs reached $5.13 million per incident in 2024, with 2025 estimates at $5.5-6 million—60% of attacked small businesses close permanently within six months.

  • AI-powered behavioral analysis reduces cyberattack success rates by 73% and predicts 85% of breaches before they occur, but requires multi-layered defense strategies including zero-trust architecture and air-gapped backups.

🤔 The Bigger Picture: 

AI-powered ransomware can analyze building automation systems to identify critical HVAC, power, and access control infrastructure before launching attacks during off-hours when detection is minimal. Facility operators must implement AI-driven behavioral monitoring and deploy air-gapped backups, as these intelligent threats actively search for and disable backup systems before encryption.

🏭 Jaguar Land Rover Attack Delivers $2.5B Economic Blow

A cyberattack on Jaguar Land Rover in early September has inflicted an estimated $2.5 billion loss on the UK economy, marking one of the most severe incidents on record for critical infrastructure.

  • Cyberattack occurred in early September with devastating economic impact

  • $2.5 billion loss to UK economy represents one of the most severe incidents reported

  • Company forced to shut down systems to mitigate damage and prevent spread

  • Production and retail operations suffered significant disruption

  • Incident highlights critical vulnerabilities within infrastructure sectors

🤔 The Bigger Picture: 

Manufacturing facilities and supply chain partners face cascading risks from single points of failure. Building operators supporting manufacturing tenants should reassess their cybersecurity partnerships and incident response capabilities.

⚡ Critical Vulnerability Discovered in ASKI Energy Devices

ASKI Energy's ALS-Mini-S8 and ALS-Mini-S4 devices contain a critical vulnerability with a CVSS v4 score of 9.9, exposing systems to remote exploitation due to missing authentication controls.

  • CVSS v4 vulnerability score of 9.9 indicates extremely high risk

  • Missing authentication for critical functions enables unauthorized access

  • Vulnerability is remotely exploitable with low attack complexity

  • Both ALS-Mini-S8 and ALS-Mini-S4 models are affected

  • Organizations must prioritize immediate remediation to prevent exploitation

🤔 The Bigger Picture: 

Energy management systems in smart buildings using these devices face immediate compromise risk. Facility operators should conduct urgent assessments of their ASKI Energy deployments and implement network segmentation as a temporary measure.

Further Alerts & Insights

⚙️ Critical Rockwell Automation Vulnerability Alert

Rockwell Automation's 1783-NATR device contains a critical vulnerability rated CVSS v4 9.9, remotely exploitable with low attack complexity due to missing authentication for critical functions. Organizations using this equipment should take immediate action to secure systems against unauthorized access.

☢️ Nuclear Facility Breached via SharePoint Flaws

Foreign hackers successfully breached the National Nuclear Security Administration's Kansas City National Security Campus by exploiting Microsoft SharePoint vulnerabilities. The incident raises critical concerns about federal IT and operational technology system security, prompting calls for immediate cybersecurity protocol strengthening.

🤖 RAND Warns of AI-Driven Infrastructure Chaos

The RAND Corporation's new "Robot Insurgency" report demonstrates through simulations how rogue AI systems could autonomously execute attacks on critical infrastructure before human operators can intervene. The report emphasizes urgent need for robust cybersecurity measures as AI integration accelerates across energy, transportation, and public safety sectors.