ESET Warns of PromptLock, the First AI-Driven Ransomware

Cybersecurity firm ESET has identified what its researchers describe as the first known AI-powered ransomware, dubbed "PromptLock." The sample uses OpenAI's open-weight gpt-oss:20b model, accessed through the Ollama API, to generate malicious Lua scripts at runtime and then executes them, a notable step in the evolution of ransomware tooling.

ESET Research disclosed the discovery in a series of posts on X. According to the researchers, the malware calls the gpt-oss:20b model locally via the Ollama API to create and execute Lua scripts on the fly; the scripts scan the file system, exfiltrate data, and encrypt files. Because the payloads are generated anew on each run, artefacts such as the hashes of the Lua scripts can vary between executions, which limits the value of purely signature-based detection.

"PromptLock uses AI-generated Lua scripts to scan files, steal data, and encrypt them," said ESET Research. "The Lua scripts are multi-platform, meaning they can be executed on Windows, Linux, and macOS." The ransomware itself is written in Golang; both Windows and Linux variants were uploaded to VirusTotal.

One of the more intriguing aspects of PromptLock is a data destruction capability that appears to still be under development. According to ESET, "the malware may exfiltrate data, encrypt it, or potentially destroy it." ESET noted, however, that the destruction functionality has not yet been implemented in the analysed sample.

Another notable detail is the choice of the SPECK 128-bit block cipher for encryption. SPECK is a lightweight add-rotate-xor cipher published by the NSA in 2013; it is compact and fast, with no lookup tables, which makes it easy to embed in a small cross-platform binary. Although multiple indicators suggest the sample is a proof-of-concept (PoC) or work in progress rather than malware deployed in the wild, ESET's researchers decided the cybersecurity community should be informed about the development.
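To make the cipher named above concrete, here is a Speck128/128 implementation with the published test vector from the Speck design paper, plus a CTR-mode helper showing how such a block cipher would be applied to file contents. This is an added example written for this article, not PromptLock's code or anything released by ESET; the CTR nonce handling and the sample plaintext are my own constructed choices. It is useful both for understanding what "SPECK 128-bit" means and for recognising the cipher in a binary: there are no S-boxes to spot, only the round count (32), the rotation amounts (8 and 3) and the round-key XOR with a counter in the key schedule.

```python
"""Speck128/128 reference implementation (added example; not PromptLock's code).

Speck is the NSA's lightweight ARX block cipher (Beaulieu et al., 2013). The
test vector below is the published Speck128/128 vector. The CTR-mode helper
and the nonce/counter layout are this example's own additions.
"""
MASK64 = (1 << 64) - 1
ROUNDS = 32          # Speck128/128 uses 32 rounds
ALPHA, BETA = 8, 3   # rotation amounts for the 64-bit word variants


def ror(x: int, r: int) -> int:
    """Rotate a 64-bit word right by r bits."""
    return ((x >> r) | (x << (64 - r))) & MASK64


def rol(x: int, r: int) -> int:
    """Rotate a 64-bit word left by r bits."""
    return ((x << r) | (x >> (64 - r))) & MASK64


def expand_key(key: int) -> list:
    """Derive the 32 round keys from a 128-bit key.

    The high 64 bits are l[0] and the low 64 bits are k[0], matching the
    word order used in the paper's test vectors.
    """
    l = [(key >> 64) & MASK64]
    k = [key & MASK64]
    for i in range(ROUNDS - 1):
        l.append(((k[i] + ror(l[i], ALPHA)) & MASK64) ^ i)
        k.append(rol(k[i], BETA) ^ l[i + 1])
    return k


def encrypt_block(x: int, y: int, round_keys: list) -> tuple:
    """One 128-bit block (two 64-bit words) through all rounds."""
    for rk in round_keys:
        x = ((ror(x, ALPHA) + y) & MASK64) ^ rk
        y = rol(y, BETA) ^ x
    return x, y


def decrypt_block(x: int, y: int, round_keys: list) -> tuple:
    """Inverse of encrypt_block: undo the rounds in reverse order."""
    for rk in reversed(round_keys):
        y = ror(y ^ x, BETA)
        x = rol(((x ^ rk) - y) & MASK64, ALPHA)
    return x, y


def ctr_crypt(key: int, nonce: int, data: bytes) -> bytes:
    """Encrypt or decrypt arbitrary-length bytes in CTR mode.

    Block i is XORed with E_k(nonce, i); the same call decrypts. The
    (nonce, counter) layout here is an assumption for illustration, not a
    description of PromptLock's mode of operation.
    """
    rks = expand_key(key)
    out = bytearray()
    for i in range(0, len(data), 16):
        ks_x, ks_y = encrypt_block(nonce & MASK64, i // 16, rks)
        keystream = ks_x.to_bytes(8, "little") + ks_y.to_bytes(8, "little")
        out.extend(b ^ k for b, k in zip(data[i:i + 16], keystream))
    return bytes(out)


# Published Speck128/128 test vector (key, plaintext words, ciphertext words)
TV_KEY = 0x0f0e0d0c0b0a09080706050403020100
TV_PT = (0x6c61766975716520, 0x7469206564616d20)
TV_CT = (0xa65d985179783265, 0x7860fedf5c570d18)


def check_test_vector() -> bool:
    """True if this implementation reproduces the published vector both ways."""
    rks = expand_key(TV_KEY)
    return (encrypt_block(*TV_PT, rks) == TV_CT
            and decrypt_block(*TV_CT, rks) == TV_PT)


if __name__ == "__main__":
    print("test vector ok:", check_test_vector())
    sample = b"constructed sample file contents, not real victim data"  # constructed input
    ct = ctr_crypt(TV_KEY, 0x1234, sample)
    print("round trip ok:", ctr_crypt(TV_KEY, 0x1234, ct) == sample)
```

The design note for defenders: a cipher this small leaves few static fingerprints, so detections keyed on crypto-library imports or S-box constants will miss it; the behavioural signals (mass file rewrites, key material sent off-host) matter more than the choice of algorithm.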

"Although multiple indicators suggest the sample is a PoC or work-in-progress rather than fully operational malware deployed in the wild, we believe it is our responsibility to inform the cybersecurity community about such developments," said ESET Research. "PromptLock represents a significant threat to individuals and organizations worldwide, and we urge everyone to exercise caution when dealing with unknown software."


Stay Safe from PromptLock

To protect yourself from PromptLock and similar AI-driven ransomware attacks:

  • Keep your operating system and software up to date with the latest security patches.
  • Use endpoint protection that can detect and block previously unseen threats. Behavioural detection matters here: the Lua payloads are generated at runtime, so their hashes are not stable across executions.
  • Treat unexpected local model-serving traffic as a signal. On most workstations nothing should be talking to an Ollama endpoint (TCP port 11434 by default), and a process that does so and then modifies many files deserves a closer look.
  • Be cautious when opening unsolicited files or emails, especially from unfamiliar senders.
  • Maintain regular backups that are kept offline or immutable, and test that they restore, so data can be recovered without paying a ransom.
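The following hunting heuristic turns the advice above into a check that can be run over endpoint telemetry. It is an added example written for this article, not ESET's code and not derived from the PromptLock sample. It assumes telemetry has already been normalised into the hypothetical event dictionaries shown (network, process and file events keyed by pid); the sample events, the allowlist of legitimate Ollama clients and the file-write threshold are all constructed for illustration and should be tuned to the environment.

```python
"""Hunting heuristic for PromptLock-style, LLM-driven malware (added example).

Not ESET's code or a PromptLock artefact. Assumes endpoint telemetry has been
normalised into dicts with the hypothetical fields used below; all sample
events are constructed.
"""
from collections import defaultdict

OLLAMA_PORT = 11434                               # Ollama's default listening port
OLLAMA_PATHS = ("/api/generate", "/api/chat")     # Ollama completion endpoints
# Processes assumed to legitimately use a local model server (tune per environment)
ALLOWED_OLLAMA_CLIENTS = {"ollama", "open-webui", "code", "python3"}
# External Lua runtimes; an assumption, since a Go binary may embed its own interpreter
LUA_RUNTIMES = {"lua", "lua5.1", "lua5.3", "lua5.4", "luajit"}
MASS_WRITE_THRESHOLD = 50                         # file writes/renames per process


def flag_suspicious(events):
    """Return {pid: [reasons]} for processes that look like LLM-driven ransomware.

    Signals, per process:
      1. it called an Ollama completion endpoint;
      2. it is not an allowlisted Ollama client;
      3. it spawned a Lua interpreter (may not fire if Lua is embedded);
      4. it performed a burst of file writes/renames.
    A process is reported when it has signal 1 and either signal 2 or both
    signals 3 and 4, so ordinary local-model usage by known tools is not noise.
    """
    ollama_clients = {}
    lua_spawners = set()
    writes = defaultdict(int)
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "net" and (ev.get("dport") == OLLAMA_PORT
                                    or ev.get("path", "").startswith(OLLAMA_PATHS)):
            ollama_clients[pid] = ev["process"]
        elif ev["type"] == "proc" and ev["image"] in LUA_RUNTIMES:
            lua_spawners.add(ev["ppid"])
        elif ev["type"] == "file" and ev["op"] in ("write", "rename"):
            writes[pid] += 1

    findings = {}
    for pid, name in ollama_clients.items():
        reasons = []
        if name not in ALLOWED_OLLAMA_CLIENTS:
            reasons.append(f"non-allowlisted process '{name}' called the Ollama API")
        if pid in lua_spawners:
            reasons.append("spawned a Lua interpreter")
        if writes[pid] >= MASS_WRITE_THRESHOLD:
            reasons.append(f"{writes[pid]} file writes/renames after the API call")
        unlisted = name not in ALLOWED_OLLAMA_CLIENTS
        if unlisted or (pid in lua_spawners and writes[pid] >= MASS_WRITE_THRESHOLD):
            findings[pid] = reasons
    return findings


# Constructed telemetry: one benign editor session and one suspicious process
SAMPLE_EVENTS = [
    {"type": "net", "pid": 900, "process": "code", "dport": 11434, "path": "/api/chat"},
    {"type": "file", "pid": 900, "op": "write", "path": "/home/a/proj/main.go"},
    {"type": "net", "pid": 4410, "process": "updater", "dport": 11434, "path": "/api/generate"},
    {"type": "proc", "pid": 4411, "ppid": 4410, "image": "lua5.4"},
] + [
    {"type": "file", "pid": 4410, "op": "rename", "path": f"/home/a/Documents/doc{i}.docx"}
    for i in range(60)
]


def demo():
    """Run the heuristic over the constructed sample events."""
    return flag_suspicious(SAMPLE_EVENTS)


if __name__ == "__main__":
    for pid, reasons in demo().items():
        print(pid, "->", "; ".join(reasons))
```

The allowlist is the weak point of any rule like this: an attacker can name a binary `python3`, so in practice pair the process name with a code-signing or path check, and keep the mass-write signal as the condition that escalates an alert to an incident.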

Stay vigilant and informed about the latest cybersecurity threats. If you suspect you have encountered PromptLock or any other ransomware, isolate the affected machine from the network, preserve it for analysis rather than wiping it, and contact your local authorities or a reputable cybersecurity firm for assistance.