With AI and quantum computing on the horizon, cybercrime is more profitable than drug trafficking

Forget the cybercriminal who lives in a basement, wears a black hoodie and eats cold pizza. Digital crime employees are careerists: real offices with all the perks of the big names in Silicon Valley: ping pong tables to relax on, beds in the office for power naps, paid company dinners in restaurants with two Michelin stars and all the other tools to court the best minds in technology.

This is the operational reality of the most organized groups on the planet that deal with ransomware (software used to block a company's data and then ask for a ransom to unlock it). During the full immersion day on cybercrime organized in Madrid by Kaspersky Horizon, researchers and experts in the sector have shown an uncomfortable truth: cybercriminals have now built corporate empires that are more efficient than many traditional multinationals. What emerges from the analysis of data collected by ethical hackers who have infiltrated the communications of these groups is a criminal ecosystem that makes billions and operates with a managerial precision that would make any MBA envious.

The accounts of the multinational cybercrime companies

An example: the structure of the Conti group, analyzed in detail by ethical hacker Clément Domingo, reveals an organizational chart that resembles that of a corporation: "core leadership team", responsible for human resources and finance, team leaders who control daily operations, operational structures organized according to functions. Salaries are competitive: from 1,800 to 2,200 dollars a week for an average operator, with bonuses tied to results.

Business numbers: "Conti" has made between 100 and 185 million dollars in 2021 alone, while Lockbit has generated losses of 500 million in 18 months. The global ransomware market, officially estimated at 1.1 billion dollars in 2023 (following Chainalysis estimates and FBI and Europol reports), according to Domingo should be multiplied by eight or nine to get the real figure. The German MediaMarkt is said to have paid a ransom of 240 million dollars to Hive to get its data back, the Taiwanese Acer 100 million for Revil, the British Royal Mail another 80 million and 70 million the Taiwanese chip manufacturer Tsmc, both hit by LockBit.

The Art of Digital Negotiation

How do these modern digital pirates determine the amount of ransoms? With a method similar to that of many consulting firms. Criminal groups meticulously analyze victims' balance sheets, using business intelligence tools, calculating requests that fluctuate between 1 and 10% of the annual turnover. The figures range from 250 million dollars for large corporations to eight thousand dollars for very small businesses. The "real" total is arrived at after a negotiation phase. "It is no longer valid to say that you are not at risk because you are too small or not important enough," says Domingo. "If the ransomware economy were a nation," he says, "it would be the third after the United States and China."

According to Marc Rivero, head of research at Kaspersky GReAT, this confirms an alarming trend: “AI lowers the barrier to entry and accelerates the creation of malware, allowing even less experienced attackers to rapidly develop sophisticated malicious software at scale.” Cybercriminals use chatGPT and other AI tools for a wide range of functions, from automating attacks to creating deepfakes for scams.

The real problem, experts explain to ItalianTech, is in fact another: artificial intelligence is breaking down the barrier that until yesterday separated the "kids" from expert attackers. Making the former just as dangerous as the latter. Now, this "democratization" of crime attracts the youngest because word gets around that every teenager who is good with a computer is a potential millionaire: Dajjalx, arrested at 17 in France, had accumulated 1.3 million dollars in cryptocurrencies, while IntelBroker, a 25-year-old British man, ran one of the largest illegal cyber markets online.

This is why the average age of cybercriminals is decreasing dramatically, with consequences that also affect the micro-organizations that are emerging within an increasingly larger criminal ecosystem.

The Malware of the Future is Already Here

FunkSec represents the latest evolution of this threat: a ransomware just discovered by Kaspersky that shows clear signs of AI-assisted development. The code features generic comments and other technical elements of the type generated by automated coding systems, and many technical inconsistencies typical of LLMs, or Large Language Models .

It is not a virus, but rather "ransomware", that is, malicious software that infiltrates the computers of a company or a private individual and encrypts all the information present, effectively blocking it with a password known only to the attackers. Here the "ransom metaphor" comes into play: the data is "kidnapped", even if it does not physically move, and to get it back, that is, to unlock it with a password, it is necessary to pay a ransom. Large organizations that have fallen into the net of malicious people have paid up to hundreds of millions of dollars (usually in cryptocurrencies, which are not easily traceable) in order to recover the operational data necessary for their activities.

Now, however, there is an important change. The new strategy with FunkSec changes the dynamics of cybercrime because it makes it "easy" for attackers to use ransomware. Producers sell it to other cybercriminals for less than ten thousand dollars, in a real black market of these tools, to carry out high-volume attacks. It is an approach that favors quantity over quality.

This model, based on artificial intelligence to operate and personalize the attack, multiplies data theft attempts and activates an entire illegal market of "negotiators" who take charge of the violated companies to ask for the ransom money, and then of other malicious people who take care of laundering the money obtained or selling the information "filched" from the compromised computers. It is an entire ecosystem of planetary dimensions, organized as a series of cybercrime companies that communicate with each other, exchange data, bitcoins to launder, information to resell.

The attack with quantum computers

Companies usually protect themselves from this type of attack by encrypting their data: in this way, even if "captured" they are at least not accessible. But this strategy risks not working anymore. Sergey Lozhkin, also from Kaspersky GReAT, explains: "The most critical risk today is that encrypted data that has a long-term value, can be decrypted in the future".

In fact, criminal groups, according to data provided by Kaspersky, are implementing the "steal today, use tomorrow" strategy. That is, they are collecting encrypted data today to decipher it in 5-10 years, when quantum computers will be available that can easily "break" the digital locks of the most advanced cryptography.

And on the market, Domingo explains, there is a real race between the development of ransomware capable of resisting decryption with quantum computers, and the use of quantum computing to break current encryption systems. The security decisions made today will define the resilience of the digital infrastructure for decades to come.

The new geography of crime

The transformation of the cybercriminal market has very strong consequences: "In 2025 it is more lucrative to be a cybercriminal than to sell drugs," says Domingo, "because you earn more and there is much less risk from a legal point of view."

In traditional drug crime, weapons and violence are used, personal injury is caused and often the death of many people: there are dozens of possible aggravating factors, and international coordination between police forces for crimes committed in the "physical world" is efficient. It is difficult to get away with it. This is not the case for cybercrime. Criminals are therefore moving ever faster into cybercrime: they risk much less and earn much more. This has direct consequences for everyone: from banks that must protect transactions to blockchains vulnerable to quantum attacks.

A problem that firstly involves companies understanding the risks inherent in the digital transition. Liliana Acosta, a Colombian researcher who founded the company "Thinker Soul" and is an expert in the ethics of artificial intelligence, explains that it is necessary to understand the new technologies to truly understand the impact they will have. "People - she says - do not understand the meaning and power of artificial intelligence. When we explain to companies what it really entails, they get scared". Quantum computing also threatens cryptocurrencies: Bitcoin's ECDSA algorithm could be compromised, opening up scenarios of digital signature falsification and manipulation of transaction history.

According to Spanish Pilar Troncoso of QCentroid, there is a crucial aspect related to quantum risks: "The problem is not only Bitcoin, but the risk of making planes fall from the sky". The breakdown of security systems with the synergy between artificial intelligence enhanced by the use of quantum computing systems could destroy any form of digital security, including that of critical infrastructures. From energy plants to logistics and driving systems for trains, planes, ships.

The answer? It’s so-called “post-quantum cryptography.” The race is already on, but the transition to securing all systems will take years of preparation. Governments, companies, and critical infrastructure providers must start adapting now, before systemic vulnerabilities become irreversible, Troncoso explains. Without international coordination and timely infrastructure upgrades, risks to financial, government, and corporate data are potentially critical. The cybersecurity of the future is being played out today, in the strategic choices and investments that will define the digital resilience of the next decade.