AI-powered ransomware has emerged in the wild for the first time, according to researchers from cybersecurity firm ESET. The malware, called PromptLock, uses artificial intelligence to assist in executing ransomware attacks, signaling a new and concerning trend in cybercrime.
How PromptLock Works
PromptLock works by sending hard-coded prompts to a large language model (LLM), a form of prompt injection attack, and using the model's output to carry out ransomware operations. Written in Go (Golang), the malware communicates with Ollama, an open-source tool for running LLMs locally that exposes them through an API, and uses gpt-oss:20b, an open-weight model from OpenAI that runs locally.
Once activated, PromptLock can:
- Inspect local filesystems
- Exfiltrate files
- Encrypt data on Windows, Mac, and Linux systems using SPECK 128-bit encryption
These actions allow the malware to perform standard ransomware tasks.
Discovery and Status
On August 25, Anton Cherepanov, senior malware researcher at ESET, discovered PromptLock on VirusTotal, a malware analysis platform. Although the origin of the malware is unclear, it was uploaded from somewhere in the U.S. Cherepanov believes that PromptLock is a proof-of-concept (PoC) and not yet fully operational. Key features, such as the destruction of data, are still unfinished.
Despite the lack of evidence showing active deployment, ESET felt it necessary to alert the cybersecurity community about the new threat.
The Role of AI in Ransomware
PromptLock stands out because it uses AI to generate malicious scripts. The malware instructs the LLM to:
- Generate Lua scripts to perform key ransomware tasks
- Check files for personally identifiable information (PII)
- Create ransom notes based on what the AI thinks a ransomware actor would write
Additionally, it includes a Bitcoin address that is used in its ransom demands; the address is possibly linked to Satoshi Nakamoto, the pseudonymous creator of Bitcoin.
The Threat of AI in Cyberattacks
The rise of AI-driven malware like PromptLock highlights the potential dangers AI can pose in cybersecurity. Many businesses deploy AI agents in their networks, often with high-level administrative access. This makes them vulnerable to prompt injection attacks, where attacker-supplied input causes the model to act against its owner's interests with whatever access the agent has been granted.
Another key concern is that indicators of compromise (IoCs) such as file hashes may differ from one attack to the next, because the scripts are generated by the AI at run time. This variability makes it harder for defenders to identify and neutralize the threat using static signatures alone.
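Because the generated scripts and their hashes can differ per attack, detection has to key on behaviour rather than on fixed IoCs. The following is an added example, not code from the article or from ESET: a small correlation rule over constructed endpoint telemetry that flags a process which (a) calls a local LLM API and then, within a short window, (b) enumerates many files, drops a Lua script, or opens an outbound connection. The indicators are assumptions drawn from the article's description (filesystem inspection, Lua script generation, exfiltration); the LLM API port 11434 is Ollama's default, and the telemetry lines, paths, process names and addresses are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Ollama listens on TCP 11434 by default (assumption about a typical deployment;
# adjust if your LLM runtime is configured differently).
LLM_API_PORTS = {11434}
WINDOW = timedelta(minutes=5)   # correlation window after the first LLM API call
ENUM_FILES = 5                  # distinct files read to count as enumeration
ENUM_DIRS = 2                   # spread over at least this many directories

# Constructed endpoint telemetry, one JSON event per line. Not real PromptLock data.
# pid 4120 is a benign local chat client; pid 5310 behaves like the article's description;
# pid 6001 is a backup job that never talks to the LLM API.
SAMPLE_EVENTS = """\
{"ts":"2025-08-25T10:00:01Z","pid":4120,"image":"/usr/bin/chatui","type":"net_connect","dst":"127.0.0.1","dport":11434}
{"ts":"2025-08-25T10:00:05Z","pid":4120,"image":"/usr/bin/chatui","type":"file_read","path":"/home/alice/notes.txt"}
{"ts":"2025-08-25T10:02:00Z","pid":5310,"image":"/tmp/.upd","type":"net_connect","dst":"127.0.0.1","dport":11434}
{"ts":"2025-08-25T10:02:03Z","pid":5310,"image":"/tmp/.upd","type":"file_write","path":"/tmp/task_1.lua"}
{"ts":"2025-08-25T10:02:04Z","pid":5310,"image":"/tmp/.upd","type":"file_read","path":"/home/alice/docs/q1.xlsx"}
{"ts":"2025-08-25T10:02:04Z","pid":5310,"image":"/tmp/.upd","type":"file_read","path":"/home/alice/docs/q2.xlsx"}
{"ts":"2025-08-25T10:02:05Z","pid":5310,"image":"/tmp/.upd","type":"file_read","path":"/home/alice/pics/a.jpg"}
{"ts":"2025-08-25T10:02:05Z","pid":5310,"image":"/tmp/.upd","type":"file_read","path":"/home/alice/pics/b.jpg"}
{"ts":"2025-08-25T10:02:06Z","pid":5310,"image":"/tmp/.upd","type":"file_read","path":"/home/alice/finance/budget.csv"}
{"ts":"2025-08-25T10:02:09Z","pid":5310,"image":"/tmp/.upd","type":"net_connect","dst":"203.0.113.7","dport":443}
{"ts":"2025-08-25T11:30:00Z","pid":6001,"image":"/usr/bin/backup","type":"file_read","path":"/home/alice/docs/q1.xlsx"}
"""


def parse_events(text):
    """Parse newline-delimited JSON telemetry into dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def correlate(events):
    """Return {pid: finding} for every process that contacted the local LLM API.

    No hashes or fixed strings are matched: the verdict rests only on what the
    process did in the minutes after its first LLM call.
    """
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev["pid"]].append(ev)

    findings = {}
    for pid, evs in by_pid.items():
        first_llm = next((e["ts"] for e in evs
                          if e["type"] == "net_connect" and is_loopback(e["dst"])
                          and e["dport"] in LLM_API_PORTS), None)
        if first_llm is None:
            continue  # never touched the LLM API: outside this rule's scope
        window = [e for e in evs if first_llm <= e["ts"] <= first_llm + WINDOW]

        reads = {e["path"] for e in window if e["type"] == "file_read"}
        dirs = {p.rsplit("/", 1)[0] for p in reads}
        lua_writes = [e["path"] for e in window
                      if e["type"] == "file_write" and e["path"].endswith(".lua")]
        external = [e["dst"] for e in window
                    if e["type"] == "net_connect" and not is_loopback(e["dst"])]

        indicators = []
        if len(reads) >= ENUM_FILES and len(dirs) >= ENUM_DIRS:
            indicators.append(f"enumerated {len(reads)} files across {len(dirs)} directories")
        if lua_writes:
            indicators.append("dropped Lua script(s): " + ", ".join(lua_writes))
        if external:
            indicators.append("external connection(s) after LLM call: " + ", ".join(external))

        # One indicator alone is weak evidence; a chat client also reads files.
        verdict = "high" if len(indicators) >= 2 else "medium" if indicators else "none"
        findings[pid] = {"image": evs[0]["image"], "first_llm_call": first_llm,
                         "indicators": indicators, "verdict": verdict}
    return findings


if __name__ == "__main__":
    for pid, f in correlate(parse_events(SAMPLE_EVENTS)).items():
        print(pid, f["image"], f["verdict"], f["indicators"])
```

Run as-is, the rule reports pid 5310 as "high" with all three indicators, leaves the benign chat client (pid 4120) at "none" because talking to an LLM is not suspicious by itself, and ignores pid 6001 entirely. The thresholds and the five-minute window are illustrative; in production they would be tuned against a baseline of which processes legitimately use the local LLM runtime.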
Conclusion
The discovery of PromptLock marks a dangerous new phase in ransomware attacks. By leveraging AI, cybercriminals can now execute attacks in more unpredictable ways. As AI continues to evolve, cybersecurity experts must adapt to new challenges in defending against AI-powered threats.