The First AI-Powered Ransomware & How It Works

Aug. 29, 2025, 3:49 p.m.

Description

PromptLock, a proof-of-concept AI-powered ransomware, leverages Lua scripts generated from hard-coded prompts to perform malicious activities across Windows, Linux, and macOS. Written in Go, it communicates with a locally hosted LLM through the Ollama API. The malware scans the filesystem, identifies sensitive information, and uses SPECK 128-bit encryption in ECB mode to encrypt files. It dynamically generates ransom notes and adapts its behavior based on the infected machine type. PromptLock's cross-platform compatibility and AI-driven script generation make it a significant concern for cybersecurity professionals, highlighting the need for advanced defensive strategies against evolving AI-powered threats.

External References

https://www.welivesecurity.com/en/ransomware/first-known-ai-powered-ransomware-uncovered-eset-research/
https://otx.alienvault.com/pulse/68b1adfad2b4f175757d71b2
Tags
ransomware
cross-platform
proof-of-concept
2025-08-29
promptlock
speck encryption
filesystem scanning
dynamic ransom notes
ai-powered
ollama api
lua scripts
go language

Date

  • Created: Aug. 29, 2025, 1:41 p.m.
  • Published: Aug. 29, 2025, 1:41 p.m.
  • Modified: Aug. 29, 2025, 3:49 p.m.

Attack Patterns

  • PromptLock