First AI-powered ransomware spotted, but it's not active – yet

Oh, look, a use case for OpenAI's gpt-oss-20b model

ESET malware researchers Anton Cherepanov and Peter Strycek have discovered what they describe as the "first known AI-powered ransomware," which they named PromptLock. 

The good news, according to the duo, who detailed PromptLock in a series of social media posts and screenshots on Tuesday, is that the malware doesn't appear to be fully functional — yet.

The Register has learned that the AI-powered malware, which ESET named PromptLock, was uploaded to VirusTotal by a team at the NYU Tandon School of Engineering. After this story was published, the Tandon team alerted us that they had uploaded the proof-of-concept, which they named Ransomware 3.0, during testing, and ESET’s Anton Cherepanov and Peter Strycek later discovered it without knowing its academic origins. “While it is the first to be AI-powered, the ransomware prototype is a proof-of-concept that is non-functional outside of the contained lab environment,” the academics said.

"Although multiple indicators suggest the sample is a proof-of-concept (PoC) or work-in-progress rather than fully operational malware deployed in the wild, we believe it is our responsibility to inform the cybersecurity community about such developments," Cherepanov and Strycek wrote.

However, despite the lack of in-the-wild PromptLock infections, the discovery does show that AI has made cybercriminals' attack chains that much easier, and should serve as a warning to defenders.

The PromptLock malware uses OpenAI's gpt-oss-20b model, which is one of the two free open-weight models the company released earlier this month. It runs locally on an infected device through the Ollama API, and it generates malicious Lua scripts on the fly, likely to make detection more difficult.

"PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption," the researchers explained, adding that the Lua scripts work on Windows, Linux, and macOS machines.

The malware then decides which files to search, copy, encrypt, or even destroy, based on the file type and contents. But according to the researchers, "the destruction functionality appears to be not yet implemented."

PromptLock uses the SPECK 128-bit encryption algorithm to encrypt files, and the ransomware itself is written in Go. The ESET team said they've identified both Windows and Linux variants uploaded to VirusTotal.
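The execution pattern described above, a local model reached over the Ollama API and prompted repeatedly to produce scripts, is something a defender can look for in host telemetry. The following is an added detection example written for this article; it is not ESET's code, not the PromptLock sample, and not anything the NYU team published. It assumes the Ollama HTTP API is listening on its documented default of 127.0.0.1:11434, uses a hypothetical allowlist of processes permitted to talk to the local model, and runs over constructed connection events in the shape an EDR or Sysmon-style network log would provide.

```python
"""Added example (not from the article or ESET): flag unexpected local
clients of an Ollama-style LLM endpoint, the execution pattern the
article attributes to PromptLock.

Assumptions, labelled here because the article supplies none of them:
- Ollama's HTTP API listens on 127.0.0.1:11434 by default (documented
  default; adjust to your deployment).
- Events are simplified, constructed records, not a real capture.
"""
from dataclasses import dataclass

OLLAMA_PORT = 11434  # Ollama's default listening port (assumption: unchanged)

# Hypothetical allowlist: processes that legitimately talk to the local
# model on this host. Anything else calling the endpoint is worth a look.
ALLOWED_CLIENTS = {"ollama", "open-webui", "code-assistant"}

# Generating one script per prompt produces bursts of requests; this
# threshold is a constructed tuning value, not a figure from the article.
BURST_THRESHOLD = 5


@dataclass(frozen=True)
class ConnEvent:
    ts: int          # seconds since epoch (constructed)
    process: str     # image name of the connecting process
    dst_ip: str
    dst_port: int


def is_local_llm_call(ev: ConnEvent) -> bool:
    """True when the event is a connection to the local model endpoint."""
    return ev.dst_ip in ("127.0.0.1", "::1") and ev.dst_port == OLLAMA_PORT


def flag_unexpected_llm_clients(events, window=60):
    """Return {process: reason} for non-allowlisted processes that call the
    local model. Reason is 'burst' when one process makes BURST_THRESHOLD or
    more calls inside `window` seconds, else 'unexpected-client'."""
    calls = {}
    for ev in events:
        if is_local_llm_call(ev) and ev.process not in ALLOWED_CLIENTS:
            calls.setdefault(ev.process, []).append(ev.ts)

    findings = {}
    for proc, stamps in calls.items():
        stamps.sort()
        burst = False
        lo = 0
        # Sliding window over sorted timestamps: count calls within `window`.
        for hi in range(len(stamps)):
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            if hi - lo + 1 >= BURST_THRESHOLD:
                burst = True
                break
        findings[proc] = "burst" if burst else "unexpected-client"
    return findings


# Constructed sample telemetry (TEST-NET address for the non-model call).
SAMPLE_EVENTS = [
    ConnEvent(1000, "open-webui", "127.0.0.1", 11434),   # allowlisted
    ConnEvent(1001, "curl", "127.0.0.1", 11434),         # one-off, unexpected
    *[ConnEvent(1010 + i, "updater.exe", "127.0.0.1", 11434) for i in range(6)],
    ConnEvent(1020, "updater.exe", "203.0.113.5", 443),  # not the model endpoint
]

if __name__ == "__main__":
    for proc, reason in flag_unexpected_llm_clients(SAMPLE_EVENTS).items():
        print(f"{proc}: {reason}")
```

The allowlist is the important knob: on a workstation where nobody has installed a local model, any client of that port is anomalous, while on a developer machine only the burst rule carries signal. Pair it with a process-creation rule for unexpected Lua interpreters or for the Ollama service appearing on hosts where it was never deployed.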
