Cybersecurity researchers at ESET have uncovered AI-powered ransomware, a discovery that marks a significant evolution in the cyber threat landscape. Named PromptLock, this malware demonstrates the potential for artificial intelligence to automate and enhance ransomware attacks, making them faster, more scalable, and potentially more dangerous.
This new AI cyber threat, written in Golang, has been found in variants targeting both Windows and Linux systems. While it has not been seen in the wild, its very existence serves as a stark warning. PromptLock leverages the gpt-oss-20b model from OpenAI via the Ollama API to dynamically generate malicious scripts.
This allows the ransomware to automate crucial stages of an attack, including:
- File System Enumeration: Quickly mapping out a victim’s network and finding valuable files.
- Target File Inspection: Analyzing files to determine their importance and value for data exfiltration.
- Data Exfiltration: Stealing sensitive information before encryption.
- Encryption: Locking down files and demanding a ransom.
By using AI, PromptLock can perform these actions at an unprecedented speed, a key impact that could change the face of ransomware attacks.
Key Impacts and What It Means for You
The discovery of PromptLock highlights a critical shift in how cybercriminals could operate. The most significant impacts include:
- Automation and Speed: AI could automate the reconnaissance and execution phases of a ransomware attack, reducing the time needed for a successful breach from days or weeks to hours or even minutes.
- Increased Scalability: An AI-powered threat can more easily adapt to new environments and targets without human intervention, allowing for a broader and more widespread attack campaign.
- Evasion of Traditional Defenses: The dynamic nature of PromptLock’s scripting, generated on-the-fly by an AI model, could make it harder for traditional signature-based antivirus software to detect and block the malware.
How It Works
Instead of being a simple program with a set list of instructions, PromptLock is powered by a piece of artificial intelligence. It uses a special AI model to create malicious scripts on the fly.
“PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption,” said ESET researchers.
Think of it this way:
- Old Ransomware: A pre-written script that says, “Look for files named document.docx and photo.jpg.” It’s limited and can be easily stopped.
- PromptLock: It uses its AI brain to ask questions like, “What are the most important files on this computer? What looks like a valuable business document or a sensitive client list?” It can then write a new, unique script to find and steal those specific files.
This makes the attack much faster and harder for normal security software to detect.
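Because the generated scripts change from run to run, a defender can watch for the step that does not change: a process calling an LLM generation API. The sketch below is an added example, not code from ESET or from the malware. It assumes endpoint or proxy telemetry that records the calling process, destination port, request path and request body; the event schema, host names and process names are constructed for illustration.

```python
import json
import re

OLLAMA_PORT = 11434                                # Ollama's default listening port
GENERATION_PATHS = ("/api/generate", "/api/chat")  # Ollama text-generation endpoints
# Covers the article's "gpt-oss-20b" spelling and Ollama's "gpt-oss:20b" tag.
MODEL_RE = re.compile(r"gpt-oss[-:]20b", re.IGNORECASE)

# Constructed telemetry; field names are a hypothetical schema, not a real product's.
SAMPLE_EVENTS = [
    {"host": "ws-014", "process": "ollama-desktop", "dst_port": 11434,
     "method": "POST", "path": "/api/chat", "body": '{"model": "llama3"}'},
    {"host": "ws-022", "process": "updater_x64", "dst_port": 11434,
     "method": "POST", "path": "/api/generate",
     "body": '{"model": "gpt-oss:20b", "prompt": "<redacted>"}'},
    {"host": "ws-022", "process": "updater_x64", "dst_port": 8080,
     "method": "POST", "path": "/api/generate", "body": "not-json"},
]


def requested_model(body):
    """Return the "model" field of a JSON request body, or None if absent or malformed."""
    try:
        parsed = json.loads(body)
    except (TypeError, ValueError):
        return None
    return parsed.get("model") if isinstance(parsed, dict) else None


def flag_llm_api_calls(events, allowed_processes):
    """Flag generation requests to an Ollama-style API from processes outside the allow-list."""
    findings = []
    for ev in events:
        is_generation = ev.get("method") == "POST" and ev.get("path", "").startswith(GENERATION_PATHS)
        if not is_generation or ev.get("process") in allowed_processes:
            continue
        model = requested_model(ev.get("body"))
        reasons = ["unapproved process calling LLM generation endpoint"]
        if ev.get("dst_port") == OLLAMA_PORT:
            reasons.append("default Ollama port")
        if model and MODEL_RE.search(model):
            reasons.append("model named in the PromptLock report")
        findings.append({"host": ev["host"], "process": ev["process"],
                         "model": model, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(*flag_llm_api_calls(SAMPLE_EVENTS, allowed_processes={"ollama-desktop"}), sep="\n")
```

The allow-list does most of the work here: the model name and port only add confidence, since both are trivial to change.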
The Research Points
The ESET team’s discovery of PromptLock highlights a few critical things:
- It’s a “Proof-of-Concept”: This means it’s a working example that shows what’s possible, even if it’s not being used for real crimes yet.
- It’s a Game Changer: The use of AI could automate entire attacks, from finding the files to stealing them and encrypting them, all at a speed we haven’t seen before.
- It Affects Everyone: The research points to a future where cyberattacks will be more adaptable and harder to defend against with traditional methods.
In short, this is a wake-up call for everyone to update their security and be prepared for a new era of smarter, faster cyber threats.