The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats
26 Aug 2025 • 2 min. read

This supports our belief that PromptLock was a proof of concept rather than fully operational malware deployed in the wild. Nonetheless, our findings remain valid – the discovered samples represent the first known case of AI-powered ransomware.
ESET researchers have discovered what is the first known AI-powered ransomware. The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt and possibly even destroy data, though this last functionality appears not to have been implemented in the malware yet.
While PromptLock was not observed in actual attacks and is instead thought to be a proof-of-concept (PoC) or a work in progress, ESET’s discovery shows how malicious use of publicly-available AI tools could supercharge ransomware and other pervasive cyberthreats.
“The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes. PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption,” said ESET researchers.
“The PromptLock ransomware is written in Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal,” added the researchers. Golang is a highly versatile, cross-platform programming language that has also gained popularity among malware authors in recent years.
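As an added example (not ESET's code and not part of the original article), the following Python shows one way a defender could hunt for the behaviour described above: a process outside an allowlist requesting text generation from an Ollama API. The telemetry schema, the allowlist and the sample events are assumptions constructed for illustration; port 11434 is Ollama's default.

```python
import json
from collections import defaultdict

# Assumptions (not from the article): event schema, allowlist and sample data.
OLLAMA_PORT = 11434                                  # Ollama's default port
GENERATION_PATHS = {"/api/generate", "/api/chat"}    # text-generation endpoints
ALLOWED_CLIENTS = {"/usr/local/bin/ollama", "/opt/ide/assistant"}  # hypothetical

# Constructed sample: one JSON object per line, as an EDR or local proxy might export.
SAMPLE_EVENTS = """\
{"ts":"2025-08-26T10:00:01Z","host":"ws-17","image":"/opt/ide/assistant","dst_port":11434,"path":"/api/chat","model":"gpt-oss:20b"}
{"ts":"2025-08-26T10:02:14Z","host":"ws-17","image":"/tmp/.cache/updater","dst_port":11434,"path":"/api/generate","model":"gpt-oss:20b"}
{"ts":"2025-08-26T10:02:10Z","host":"ws-17","image":"/tmp/.cache/updater","dst_port":11434,"path":"/api/generate","model":"gpt-oss:20b"}
{"ts":"2025-08-26T10:03:00Z","host":"ws-17","image":"/usr/bin/curl","dst_port":443,"path":"/api/generate","model":null}
not-json garbage line
{"ts":"2025-08-26T10:05:00Z","host":"db-02","image":"/home/svc/run","dst_port":11434,"path":"/api/tags","model":null}
"""

def find_unexpected_llm_clients(lines, allowed=ALLOWED_CLIENTS):
    """Return one finding per (host, image) that requested text generation
    from an Ollama endpoint without being on the allowlist."""
    hits = defaultdict(lambda: {"count": 0, "models": set(), "first_seen": None})
    for line in lines.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                                 # tolerate malformed telemetry
        if not isinstance(ev, dict):
            continue
        if ev.get("dst_port") != OLLAMA_PORT or ev.get("path") not in GENERATION_PATHS:
            continue                                 # not a generation request
        if ev.get("image") in allowed:
            continue                                 # sanctioned LLM client
        hit = hits[(str(ev.get("host")), str(ev.get("image")))]
        hit["count"] += 1
        if ev.get("model"):
            hit["models"].add(ev["model"])
        ts = ev.get("ts")                            # ISO-8601 UTC sorts lexically
        if ts and (hit["first_seen"] is None or ts < hit["first_seen"]):
            hit["first_seen"] = ts
    return [{"host": host, "image": image, "count": h["count"],
             "models": sorted(h["models"]), "first_seen": h["first_seen"]}
            for (host, image), h in sorted(hits.items())]

if __name__ == "__main__":
    for finding in find_unexpected_llm_clients(SAMPLE_EVENTS):
        print(finding)
```

A finding is a lead for triage, not a verdict: the allowlist has to reflect the LLM clients actually sanctioned in the environment.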
Bound to happen
AI models have made it child’s play to craft convincing phishing messages, as well as deepfake images, audio and video. The ready availability of these tools also drastically lowers the barrier to entry for less tech-savvy attackers, allowing them to punch above their weight.
Meanwhile, the ransomware scourge has, over the years, tested the cyber-mettle of numerous organizations, with this kind of malware also increasingly deployed by APT groups. As AI is already used by all types of threat actors to various degrees, it is also set to help power a rise in the volume and impact of ransomware attacks.
Regardless of the intent behind PromptLock, its discovery points to how AI tools can be used to automate various stages of ransomware attacks, from reconnaissance to data exfiltration, at a speed and scale once thought impossible. The prospect of AI-powered malware that can, among other things, adapt to the environment and change its tactics on the fly may generally represent a new frontier in cyberattacks.
IoCs
Files
| SHA-1 | Detection | Description |
| --- | --- | --- |
| 24BF7B72F54AA5B93C66 | Linux/Filecoder.PromptLock.A | PromptLock sample |
| AD223FE2BB4563446AEE | Linux/Filecoder.PromptLock.A | PromptLock sample |
| BB8FB75285BCD151132A | Linux/Filecoder.PromptLock.A | PromptLock sample |
| F3F4C40C344695388E10 | Linux/Filecoder.PromptLock.A | PromptLock sample |
| 639DBC9B365096D63471 | WinGo/Filecoder.PromptLock.A | PromptLock sample |
| 161CDCDB46FB8A348AEC | WinGo/Filecoder.PromptLock.A | PromptLock sample |
| 8C7BCAFCE90F5FB12113 | WinGo/Filecoder.PromptLock.A | PromptLock sample |














