ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux and macOS.
It was only a matter of time before artificial intelligence became a building block for cybercriminals. This week, researchers at ESET revealed what they're calling the first known AI-powered ransomware, a prototype dubbed PromptLock, which uses an open-weight AI model from OpenAI to generate malicious code on the fly.
Rather than carrying a static payload, PromptLock calls on the gpt-oss:20b model through the Ollama API, enabling it to write and execute Lua scripts directly on a compromised system. These scripts can scan directories, inspect files, exfiltrate selected data, and encrypt the results, all without the need for prepackaged binaries. That flexibility gives attackers a degree of adaptability not commonly seen in conventional ransomware.
The malware is written in Golang, making it cross-platform, and ESET has already observed both Windows and Linux samples uploaded to VirusTotal. Because Lua is lightweight and portable, it allows PromptLock to reach further than the usual victims and run on systems often neglected by ransomware operators, including macOS and consumer Linux devices.
Interestingly, researchers noted that while PromptLock can exfiltrate and encrypt files, its ability to destroy data has not yet been implemented. This, together with several rough edges in the code, suggests that it is a proof-of-concept or work-in-progress rather than a live campaign targeting organisations.
ESET's findings add to concerns that AI-driven malware could make cyberattacks faster and larger in scale. Just as machine learning has already been used to create more convincing phishing lures and deepfake content, models could also be adapted to handle tasks such as reconnaissance, persistence, or data theft. PromptLock shows that ransomware authors are already experimenting with this approach.
Commenting on the discovery, Nathan Webb, principal consultant at Acumen Cyber, explained why this development should not be dismissed as a simple lab experiment: “This is possibly the first instance of an AI-powered piece of ransomware observed in the wild. Rather than include a payload, the malware uses ChatGPT to write Lua scripts on the fly, which gives it information about the local system and allows it to view files, exfiltrate data, and ultimately encrypt the system.”
“The use of Lua here suggests that attackers are trying to make the ransomware platform-agnostic, so that they can target a wider range of systems and environments, particularly those not traditionally targeted due to their low market share, like Apple devices and consumer Linux devices,” Nathan pointed out.
Webb also pointed out that defending against such threats will require new thinking around script interpreters and OS-level tools. Security vendors will need to improve detection mechanisms that can separate legitimate scripts from malicious ones, using their own machine learning models to deobfuscate and analyse behaviour in real time.
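One concrete form that behavioural detection can take, as an added example that is not ESET's, Acumen Cyber's or the malware's code: a small correlation rule over endpoint telemetry that flags the two-step pattern the article describes, a single process contacting a local Ollama API and then running a Lua interpreter. The event schema, the sample records and the process ids are constructed assumptions; only Ollama's default port 11434 is a real value.

```python
"""Toy correlation rule for the PromptLock-style behaviour pattern.
Assumed telemetry shape: (pid, event_type, detail) tuples from an EDR feed."""
from collections import defaultdict

OLLAMA_PORT = 11434                       # Ollama's default listening port
LUA_INTERPRETERS = {"lua", "lua5.4", "luajit"}

# Constructed sample telemetry (not real captures).
EVENTS = [
    (4011, "net_connect", "127.0.0.1:11434"),
    (4011, "http_request", "POST /api/generate model=gpt-oss:20b"),
    (4011, "process_create", "lua /tmp/stage1.lua"),
    (5120, "net_connect", "127.0.0.1:11434"),       # a developer's chat client
    (5120, "http_request", "POST /api/chat model=gpt-oss:20b"),
    (6301, "process_create", "lua build.lua"),        # an ordinary build step
]

def correlate(events):
    """Return pids that contact the Ollama API and only afterwards spawn a
    Lua interpreter.  Ordering matters: Lua before the API call is not flagged,
    and either behaviour alone (a chat client, a build script) is benign."""
    state = defaultdict(lambda: {"ollama": False, "flagged": False})
    for pid, kind, detail in events:
        s = state[pid]
        if kind == "net_connect" and detail.endswith(f":{OLLAMA_PORT}"):
            s["ollama"] = True
        elif kind == "process_create":
            exe = detail.split()[0].rsplit("/", 1)[-1]
            if exe in LUA_INTERPRETERS and s["ollama"]:
                s["flagged"] = True
    return sorted(pid for pid, s in state.items() if s["flagged"])

if __name__ == "__main__":
    print(correlate(EVENTS))   # [4011]
```

Because PromptLock is a Go binary, the Lua interpreter may well be embedded rather than spawned as a child process; in that case no `process_create` event appears, and the remaining signal is the Ollama request itself coming from a process that has no business talking to a local model.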