The invention of PromptLock reveals how malicious use of AI fashions may supercharge ransomware and different threats
26 Aug 2025
•
,
2 min. learn
ESET researchers have found what they referred to as “the primary recognized AI-powered ransomware”. The malware, which ESET has named PromptLock, has the flexibility to exfiltrate, encrypt and presumably even destroy information, although this final performance seems to not have been carried out within the malware but.
Whereas PromptLock was not noticed in precise assaults and is as an alternative considered a proof-of-concept (PoC) or a piece in progress, ESET’s discovery reveals how malicious use of publicly-available AI instruments may supercharge ransomware and different pervasive cyberthreats.
“The PromptLock malware makes use of the gpt-oss-20b mannequin from OpenAI regionally through the Ollama API to generate malicious Lua scripts on the fly, which it then executes. PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the native filesystem, examine goal information, exfiltrate chosen information, and carry out encryption,” mentioned ESET researchers.
“The PromptLock ransomware is written in Golang, and we’ve got recognized each Home windows and Linux variants uploaded to VirusTotal,” added the researchers. Golang is a extremely versatile, cross-platform programming language that has additionally gained recognition amongst malware authors lately.
Sure to occur
AI fashions have made it kid’s play to craft convincing phishing messages, in addition to deepfake photographs, audio and video. The prepared availability of those instruments additionally drastically lowers the barrier to entry for much less tech-savvy attackers, permitting them to punch above their weight.
In the meantime, the ransomware scourge has, over time, examined the cyber-mettle of numerous organizations, with this kind of malware additionally more and more deployed by APT teams. As AI is already utilized by all varieties of risk actors to various levels, it is also set to assist energy a rise within the quantity and influence of ransomware assaults.
Whatever the intent behind PromptLock, its discovery factors to how AI instruments can be utilized to automate numerous phases of ransomware assaults, from reconnaissance to information exfiltration, at a velocity and scale as soon as thought unimaginable. The prospect of AI-powered malware that may, amongst different issues, adapt to the setting and alter its techniques on the fly might usually symbolize a brand new frontier in cyberattacks.
IoCs
Recordsdata
| SHA-1 | Detection | Description |
| 24BF7B72F54AA5B93C66 | Filecoder.PromptLock.A | PromptLock pattern |
| AD223FE2BB4563446AEE | Filecoder.PromptLock.A | PromptLock pattern |
| BB8FB75285BCD151132A | Filecoder.PromptLock.A | PromptLock pattern |
| F3F4C40C344695388E10 | Filecoder.PromptLock.A | PromptLock pattern |
| 639DBC9B365096D63471 | Filecoder.PromptLock.A | PromptLock pattern |
| 161CDCDB46FB8A348AEC | Filecoder.PromptLock.A | PromptLock pattern |
