First known AI-powered ransomware uncovered by ESET Research

Discovering PromptLock: How AI Models Are Revolutionizing Ransomware Threats

Embarking on a groundbreaking journey, ESET researchers have unveiled what they have dubbed as “the world’s first AI-powered ransomware.” Known as PromptLock, this malicious software possesses the capability to exfiltrate, encrypt, and potentially obliterate data, although the latter function has not been fully implemented yet.

Although PromptLock has not been detected in actual cyber attacks and is believed to be either a proof-of-concept (PoC) or a work in progress, ESET’s discovery sheds light on how the malevolent utilization of AI tools available to the public could significantly enhance ransomware and other prevalent cyber threats.

According to ESET researchers, “The PromptLock malware harnesses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts dynamically, which it subsequently executes. PromptLock utilizes Lua scripts produced from predetermined prompts to survey the local filesystem, scrutinize target files, extract selected data, and execute encryption.”

“The PromptLock ransomware is coded in Golang, with both Windows and Linux variants being identified on VirusTotal,” the researchers added. Golang, a versatile, cross-platform programming language, has gained traction among malware creators in recent times.

Unavoidable Progression

AI models have streamlined the creation of authentic-looking phishing messages, as well as deepfake content in the form of images, audio, and video. The widespread availability of these tools has substantially reduced the entry barrier for less tech-savvy attackers, allowing them to operate beyond their usual capacities.

Simultaneously, the ransomware epidemic has tested the resilience of numerous organizations over time, with this type of malware increasingly being employed by APT groups. As AI is already being utilized by threat actors of all kinds to varying extents, it is poised to amplify the frequency and severity of ransomware attacks.

Irrespective of PromptLock’s intended purpose, its emergence underscores how AI tools can automate diverse stages of ransomware attacks, from reconnaissance to data extraction, at a pace and scale previously deemed unattainable. The notion of AI-powered malware that can adapt to its surroundings and alter its strategies dynamically may signify a new era in cyber warfare.

Leave a Reply

Your email address will not be published. Required fields are marked *