Investigating the Evolution of Ransomware Delivery Vectors: From Traditional Phishing to AI-Generated Social Engineering Attacks

Abstract

Ransomware has evolved into one of the most disruptive forms of cybercrime, with threat actors continually adapting their delivery vectors to increase the success of infiltration. This study investigates the evolution of ransomware delivery mechanisms from traditional phishing and malicious attachments to emerging AI-generated social engineering attacks. Using a mixed-methods approach, the research analyses 200 documented ransomware incidents (2010–2025), 100 phishing and AI-generated message samples, and expert insights from cybersecurity practitioners. Quantitative trend analysis reveals that while traditional phishing remains the most common vector (39%), its effectiveness has declined as organisations adopt improved filtering technologies. In contrast, AI-driven delivery vectors, including automated spear phishing, deepfake voice impersonation, and context-aware messaging, have grown rapidly, accounting for 10% of recent incidents and showing a strong positive correlation (r = 0.71, n = 200, t(198) = 14.19, p < 0.001), with successful ransomware infiltrations. Qualitative analysis confirms that AI significantly enhances linguistic fluency, personalisation, and scalability of social engineering, enabling attackers to bypass conventional security controls. The study concludes that ransomware is undergoing a paradigm shift from technical exploitation to behavioural exploitation powered by AI automation. It recommends the adoption of AI-based email detection systems, deepfake-resistant verification procedures, enhanced employee training, and zero-trust security frameworks. This research contributes to emerging academic and industry discourse by providing one of the earliest structured examinations of AI-generated ransomware delivery vectors and proposing defence strategies suited to next-generation cyber threats.