First Known AI-Powered Ransomware Found By Security Researchers

Threat researchers at ESET Research have uncovered the first known AI-powered ransomware, dubbed “PromptLock”.

Published on Aug 27, 2025
Written by Joel Witts

Security researchers at ESET Research have uncovered what they describe as the first known “AI-powered ransomware” in the wild.

The PromptLock ransomware can generate malicious scripts “on the fly,” enumerate local file systems, inspect target files, exfiltrate selected data and perform encryption on Windows, Linux, and Mac devices.

It can also exfiltrate, encrypt, or potentially destroy data.

In a thread on X, ESET’s Research team outlines how the malware uses OpenAI models via the Ollama API to create and execute Lua scripts generated from hard-coded prompts.

The malware contains harmful prompts asking LLMs to generate malicious Lua scripts.

The prompts included instructions to inspect the files and to write a ransom note – including a link to a Bitcoin address for payment.

The ESET threat researchers noted that the malware sample is likely a work-in-progress or proof-of-concept, “rather than fully operational malware deployed in the wild.”

In a blog post, ESET’s Senior Malware Researcher Anton Cherepa said: “The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes.” 

“The PromptLock ransomware is written in Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal,” the researchers added.
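Because the behaviour described above depends on a process calling an Ollama API, one defensive check is to flag inference requests from executables that are not expected to use a local LLM. The sketch below is an added example, not ESET's detection logic: it assumes Ollama's default port (11434) and its `/api/generate` and `/api/chat` routes, and the event schema, allowlist and sample events are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumptions: Ollama's default listener port and its inference routes.
OLLAMA_PORT = 11434
OLLAMA_PATHS = {"/api/generate", "/api/chat"}

# Hypothetical allowlist of executables expected to query an LLM endpoint.
APPROVED = {"/usr/local/bin/ollama", "/opt/ide/assistant"}

# Constructed sample telemetry (JSON lines), not taken from a real incident.
SAMPLE_EVENTS = """
{"ts": 1, "image": "/opt/ide/assistant", "method": "POST", "url": "http://127.0.0.1:11434/api/chat"}
{"ts": 2, "image": "/tmp/updater", "method": "POST", "url": "http://127.0.0.1:11434/api/generate"}
{"ts": 3, "image": "/tmp/updater", "method": "POST", "url": "http://10.0.0.5:11434/api/generate"}
{"ts": 4, "image": "/usr/bin/curl", "method": "GET", "url": "http://127.0.0.1:11434/api/tags"}
{"ts": 5, "image": "/usr/bin/backup", "method": "POST", "url": "https://example.internal/api/generate"}
not-json garbage line
"""

def is_ollama_inference(method, url):
    """True for a POST to an Ollama inference route on the default port."""
    parts = urlsplit(url)
    # An endpoint behind a proxy on another port is missed by this check.
    return (method.upper() == "POST"
            and parts.port == OLLAMA_PORT
            and parts.path.rstrip("/") in OLLAMA_PATHS)

def find_unapproved_callers(lines, approved=APPROVED):
    """Map each non-allowlisted executable to the LLM hosts it queried."""
    findings = {}
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            hit = is_ollama_inference(ev["method"], ev["url"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip malformed or incomplete events
        if hit and ev["image"] not in approved:
            host = urlsplit(ev["url"]).hostname
            findings.setdefault(ev["image"], set()).add(host)
    return {image: sorted(hosts) for image, hosts in findings.items()}

if __name__ == "__main__":
    for image, hosts in find_unapproved_callers(SAMPLE_EVENTS).items():
        print(f"unapproved LLM API caller: {image} -> {hosts}")
```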

Why This Matters

The attack has not yet been observed in the wild, and some have expressed scepticism about how effective the threat would be in practice, given the amount of data that would need to be sent back and forth for the LLM to analyze.

However, it’s clear that this will not be the last AI-powered ransomware. As ESET notes: “AI models have made it child’s play to craft convincing phishing messages, as well as deepfake images, audio and video.”

“The ready availability of these tools also drastically lowers the barrier to entry for less tech-savvy attackers, allowing them to punch above their weight.”

Businesses must be prepared for a new era of cyber-crime, potentially perpetrated by threat actors with low technical skills. Access to AI enables a broader range of users to commit widespread attacks.