Article Details

Scrape Timestamp (UTC): 2025-08-26 21:26:38.548

Source: https://www.theregister.com/2025/08/26/first_aipowered_ransomware_spotted_by/

Original Article Text

First AI-powered ransomware spotted, but it's not active – yet

Oh, look, a use case for OpenAI's gpt-oss-20b model.

ESET malware researchers Anton Cherepanov and Peter Strycek have discovered what they describe as the "first known AI-powered ransomware," which they named PromptLock.

The good news, according to the duo, who detailed PromptLock in a series of social media posts and screenshots on Tuesday, is that the malware doesn't appear to be fully functional — yet.

"Although multiple indicators suggest the sample is a proof-of-concept (PoC) or work-in-progress rather than fully operational malware deployed in the wild, we believe it is our responsibility to inform the cybersecurity community about such developments," Cherepanov and Strycek wrote.

However, despite the lack of in-the-wild PromptLock infections, the discovery does show that AI has made cybercriminals' attack chains that much easier, and should serve as a warning to defenders.

The PromptLock malware uses OpenAI's gpt-oss-20b model, which is one of the two free open-weight models the company released earlier this month. It runs locally on an infected device through the Ollama API, and it generates malicious Lua scripts on the fly, likely to make detection more difficult.

"PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption," the researchers explained, adding that the Lua scripts work on Windows, Linux, and macOS machines.

The malware then decides which files to search, copy, encrypt, or even destroy, based on the file type and contents. But according to the researchers, "the destruction functionality appears to be not yet implemented."

PromptLock uses the SPECK 128-bit encryption algorithm to encrypt files, and the ransomware itself is written in Go. The ESET team said they've identified both Windows and Linux variants uploaded to VirusTotal.
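The behaviour described above (an unexpected process calling a local Ollama API and then running freshly generated Lua) is something endpoint telemetry can correlate on. The following is an added detection sketch, not code from the article or from ESET; it assumes Ollama's default local port 11434, a constructed set of JSON-lines events, and hypothetical process names, and the correlation logic is the author's own.

```python
import json
from collections import defaultdict

# Assumption (not stated in the article): Ollama's REST API listens on TCP 11434 by default.
OLLAMA_PORT = 11434
# Interpreters a generated Lua script would need; the article only says "Lua scripts".
LUA_INTERPRETERS = {"lua", "lua5.3", "lua5.4", "luajit", "lua.exe", "luajit.exe"}
# Processes expected to talk to Ollama on a given host; anything else is worth a look.
ALLOWED_OLLAMA_CLIENTS = {"ollama", "ollama.exe"}

# Constructed sample telemetry (one JSON event per line); not real PromptLock logs.
SAMPLE_EVENTS = """\
{"type":"net_connect","pid":4100,"image":"ollama","dst_ip":"127.0.0.1","dst_port":11434}
{"type":"net_connect","pid":5200,"image":"svcupdate","dst_ip":"127.0.0.1","dst_port":11434}
{"type":"proc_create","pid":5300,"ppid":5200,"image":"luajit","cmdline":"luajit /tmp/.s1.lua"}
{"type":"net_connect","pid":6100,"image":"curl","dst_ip":"93.184.216.34","dst_port":443}
{"type":"proc_create","pid":6200,"ppid":6100,"image":"lua5.4","cmdline":"lua5.4 build.lua"}
"""

def parse_events(text):
    """Parse JSON-lines telemetry into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_suspicious_llm_clients(events):
    """Return processes that (a) connect to the local Ollama API without being a
    known Ollama client and (b) spawn a Lua interpreter as a child process."""
    ollama_callers = {}            # pid -> image of unexpected Ollama API clients
    children = defaultdict(list)   # ppid -> child process-creation events
    for ev in events:
        if (ev["type"] == "net_connect" and ev["dst_port"] == OLLAMA_PORT
                and ev["image"] not in ALLOWED_OLLAMA_CLIENTS):
            ollama_callers[ev["pid"]] = ev["image"]
        elif ev["type"] == "proc_create":
            children[ev["ppid"]].append(ev)
    hits = []
    for pid, image in ollama_callers.items():
        lua_kids = [c for c in children[pid] if c["image"].lower() in LUA_INTERPRETERS]
        if lua_kids:  # API call alone is noisy; API call plus Lua child is the signal
            hits.append({"pid": pid, "image": image,
                         "lua_cmdlines": [c["cmdline"] for c in lua_kids]})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_llm_clients(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT pid={hit['pid']} image={hit['image']} spawned Lua: {hit['lua_cmdlines']}")
```

In the sample, the legitimate `ollama` process and `curl` (which never touches port 11434) are ignored, and only the unexpected client that both queried the model and launched Lua is flagged.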

Daily Brief Summary

MALWARE // Emergence of AI-Driven Ransomware: PromptLock's Potential Threat

ESET researchers identified PromptLock, a pioneering AI-driven ransomware leveraging OpenAI's gpt-oss-20b model, though it remains a proof-of-concept and not yet active in real-world attacks.

PromptLock operates locally via the Ollama API, generating Lua scripts to evade detection and target Windows, Linux, and macOS systems, indicating cross-platform capabilities.

The malware uses Lua scripts to enumerate files, exfiltrate data, and perform encryption with SPECK 128-bit, though file destruction features are not yet functional.

PromptLock's development illustrates the growing ease with which AI can enhance cybercriminal activities, posing new challenges for cybersecurity defenses.

Despite its current inactive status, the discovery serves as a critical alert for cybersecurity teams to prepare for AI-enhanced threats in the near future.

ESET has identified both Windows and Linux variants on VirusTotal, emphasizing the need for vigilance and proactive threat detection measures.

Organizations should consider strengthening defenses against potential AI-driven threats, ensuring robust detection and response strategies are in place.