Wednesday, August 27, 2025

The first AI-powered ransomware has been spotted - and here's why we should all be worried

  • Researchers discover new PromptLock ransomware
  • PromptLock is AI powered - presenting new concerns for security teams
  • AI is already shaking up the cyber landscape

Security researchers from ESET have identified the first known AI-powered ransomware, which serves as a warning for security teams as generative AI has, and will, continue to make cyberattacks much more accessible for criminals.

Researchers Peter Strycek and Anton Cherepanov discovered the proof of concept, which they dubbed ‘PromptLock’, which, ‘leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption.’

"Although multiple indicators suggest the sample is a proof-of-concept (PoC) or work-in-progress rather than fully operational malware deployed in the wild, we believe it is our responsibility to inform the cybersecurity community about such developments," the researchers wrote.

Use in the wild

The PromptLock malware uses OpenAI’s gpt-oss:20b model - an open weight model released in August 2025, and this is run locally through the Ollama API to generate malicious Lua scripts ‘on the fly’.

Lua scripts are cross-platform compatible, the researchers point out, meaning they function on macOS, Linux, and Windows. The malware can then exfiltrate, encrypt, and potentially destroy any data it chooses after scanning user files, presumably to determine which would be most valuable.

Security teams have been warning for months that the AI-powered future of ransomware is coming soon, and although PromptLock has not yet been observed targeting victims in the wild, it’s clear it's only a matter of time before this happens.

Not only does GenAI make life a lot easier for wannabe hackers by lowering the barrier of entry, but LLM’s also spit out different results even when given the same prompt. This makes them unpredictable and particularly difficult for defenders to detect, as the pattern of behavior is more erratic and hard to spot.

Via:The Register

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/sMHuD9y
at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

This Chinese chip giant is boosting production to try and take on Nvidia - but how will Huawei feel?

Cambricon aims to triple AI chip output in 2026 despite yield issues, resource shortages, and rising competition from Huawei. from Latest ...