Fast Facts
-
ESET discovered PromptLock, an AI-powered ransomware written in Golang that uses OpenAI’s gpt-oss:20b model locally to generate malicious Lua scripts for cross-platform encryption, exfiltration, and filesystem enumeration.
-
PromptLock leverages AI-generated Lua scripts with variable IOCs, complicating detection efforts, and is currently considered a proof-of-concept, utilizing SPECK 128-bit encryption to lock files, with potential to also exfiltrate or destroy data.
-
The malware operates without downloading the full AI model, instead establishing a proxy to a server with the Ollama API, indicating a new approach that enhances its stealth and potential for deployment.
- The emergence of PromptLock highlights how AI facilitates easier malware creation by cybercriminals, while AI models like ChatGPT are vulnerable to prompt injection and model-routing attacks, which undermine security and enable malicious activities such as data theft and system bypasses.
The Core Issue
Cybersecurity firm ESET has uncovered a new form of AI-powered ransomware called PromptLock, developed using the programming language Golang and employing the advanced gpt-oss:20b model from OpenAI via the Ollama API. This malware notably creates malicious Lua scripts in real-time by leveraging AI-generated instructions to explore the local filesystem, target files, exfiltrate data, and encrypt information across multiple operating systems. Although it appears to be a proof-of-concept and not yet widely deployed, PromptLock demonstrates how artificial intelligence can be leveraged to craft highly variable and evasive malicious code, complicating detection efforts. Its design also suggests potential for data exfiltration or destruction, with encryption handled by the SPECK 128-bit algorithm. The malware artifacts were uploaded from the U.S. on August 25, 2025, though the true perpetrators remain unknown.
This development underscores how AI tools increasingly streamline cybercriminal activities, allowing even those with limited technical skills to rapidly develop sophisticated malware and attack strategies. The broader context highlights recent concerns over vulnerabilities in large language models (LLMs) like ChatGPT and Anthropic’s Claude, which are susceptible to prompt injections and model re-routing attacks—techniques actively exploited by malicious actors to bypass security measures, steal data, or induce unintended AI behaviors. As AI models are integrated more deeply into digital infrastructure, these evolving threats reveal both the promise and peril of this technology in cybersecurity, emphasizing the critical need for advanced safeguards against AI-driven malware and exploitation.
What’s at Stake?
Cyber risks are evolving rapidly with advancements in artificial intelligence, exemplified by the emergence of AI-powered ransomware like PromptLock, which leverages local GPT models and dynamically generated cross-platform Lua scripts to conduct file enumeration, exfiltration, and encryption, thereby complicating detection and response efforts; such malware not only poses direct threats to personal, corporate, and critical infrastructure systems but also underscores broader vulnerabilities in AI architectures—particularly prompt injection and model manipulation tactics—that can enable data theft, system sabotage, and evasion of security measures. These sophisticated exploits, often utilizing open-source or accessible AI tools, dramatically lower the technical barrier for cybercriminals to deploy potent, adaptable attacks, creating significant challenges for defenders tasked with safeguarding valuable information and operations amid an environment where AI-driven threats are becoming more autonomous, more elusive, and increasingly destructive.
Possible Next Steps
Addressing the emergence of AI-powered ransomware, such as the creation of the first AI-driven ransomware using OpenAI’s gpt-oss:20b model, is critically urgent. Rapid response minimizes damage, prevents widespread disruption, and safeguards sensitive data, emphasizing that prompt remediation can be the difference between containment and catastrophic compromise.
Containment Measures
Isolate affected systems immediately to prevent ransomware spread. Disconnect compromised devices from networks and disable remote access features.
Incident Assessment
Conduct a thorough investigation to understand the scope of infection, entry points, and vulnerabilities exploited by the ransomware.
Removal and Recovery
Utilize specialized malware removal tools to eliminate ransomware. Restore affected systems from secure backups to ensure data integrity and operational continuity.
Patch and Update
Apply security patches and updates to all systems to close exploited vulnerabilities and prevent re-infection.
Strengthen Defenses
Implement advanced threat detection systems, such as intrusion detection and endpoint protection, to identify future threats quickly.
User Education
Educate personnel about phishing tactics, suspicious links, and safe internet practices to reduce risk vectors.
Legal and Reporting Obligations
Notify relevant authorities and comply with data breach laws; document incidents for future security improvements.
Ongoing Monitoring
Maintain vigilant monitoring of network activity to detect anomalies indicative of malicious activity post-remediation.
Strategic Planning
Develop and regularly update incident response plans, including procedures specific to AI-driven cyber threats, ensuring preparedness for future attacks.
Continue Your Cyber Journey
Stay informed on the latest Threat Intelligence and Cyberattacks.
Explore engineering-led approaches to digital security at IEEE Cybersecurity.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1
