Ransomware via AI Systems
T14 · Infrastructure & Economic Warfare
AI assets have uniquely high ransom value: a model trained over months on millions of dollars of compute cannot be regenerated quickly, training datasets may be irreplaceable, and inference service downtime directly impacts revenue. Ransomware targeting AI infrastructure exploits this value concentration. Encrypting model weights is the AI equivalent of encrypting a company's core database, but with higher recovery costs because retraining is slower and more expensive than restoring from backup.
The trust assumption violated is that AI assets are protected by the same backup and recovery mechanisms as traditional IT assets. In practice, model weights are often stored on high-performance storage (NVMe, distributed filesystems) that prioritizes speed over backup frequency, and training state (checkpoints, optimizer state) is rarely backed up with the same rigor as production databases.
Ransomware chains from T14-AT-001 (GPU Farm Hijacking) for initial access and from T13 (Supply Chain) for ML pipeline compromise. The ransom payment itself chains into T14-AT-013 (Economic Espionage) — ransomware operators increasingly exfiltrate data before encryption for double-extortion.
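
A defender can measure the backup gap described above for model weights and training state by comparing live assets against the backup catalogue. The following is an added example, not part of the original entry; the file suffixes, the manifest format and the sample tree are assumptions constructed for illustration.

```python
import hashlib, json, os, tempfile

# Suffixes treated as AI assets (assumed naming; adjust to your pipeline).
ASSET_SUFFIXES = (".safetensors", ".pt", ".ckpt", ".optim")

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def audit(root, manifest, now, max_age_s):
    """Map each AI asset under root to a backup status (manifest format is hypothetical)."""
    # manifest: relative_path -> {"sha256": hex digest, "backed_up_at": epoch seconds}
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.endswith(ASSET_SUFFIXES):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entry = manifest.get(rel)
            if entry is None:
                report[rel] = "UNPROTECTED"  # no backup copy at all
            elif entry["sha256"] == sha256_file(full):
                report[rel] = "COVERED"      # backup matches live content
            elif now - entry["backed_up_at"] > max_age_s:
                report[rel] = "STALE"        # changed, and backup older than the RPO
            else:
                report[rel] = "PENDING"      # changed recently, next backup due
    return report

def demo():
    # Constructed sample tree: tiny stand-ins for weights and training state.
    root, now, day = tempfile.mkdtemp(), 1_700_000_000, 86400
    files = {"prod/model.safetensors": b"weights-v3",
             "train/step_9000.ckpt": b"ckpt-9000", "train/step_9000.optim": b"adam-state"}
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    digest = lambda b: hashlib.sha256(b).hexdigest()
    manifest = {  # weights backed up an hour ago; checkpoint backup is a week old
        "prod/model.safetensors": {"sha256": digest(b"weights-v3"), "backed_up_at": now - 3600},
        "train/step_9000.ckpt": {"sha256": digest(b"ckpt-8000"), "backed_up_at": now - 7 * day}}
    return audit(root, manifest, now, max_age_s=day)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In the constructed tree the production weights are covered, while the checkpoint is stale and the optimizer state has no backup at all, which is the pattern the entry describes for training state.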