PromptLock: The Dawn of AI-Powered Ransomware - A Deep Dive into ESET's Groundbreaking Discovery

Executive Summary

The cybersecurity landscape has reached a significant milestone with ESET‘s discovery of PromptLock, the first known AI-powered ransomware.

This groundbreaking malware leverages OpenAI’s gpt-oss:20b model through the Ollama API to dynamically generate malicious scripts, representing an unprecedented evolution in ransomware sophistication.

While currently existing as a proof-of-concept, PromptLock signals a paradigm shift in how cybercriminals may weaponize artificial intelligence for malicious purposes.

You can check my latest blog where I did write about such attacks and how imminent is this kind of attack will happen. The Growing Threat: The Dark side of AI and LLMs

The Technical Architecture Behind PromptLock

AI-Powered Script Generation

PromptLock represents a fundamental departure from traditional ransomware architectures. Unlike conventional malware that relies on static, pre-written code, this innovative threat uses hard-coded prompts to instruct an AI model to generate malicious Lua scripts on demand. The malware establishes a connection to OpenAI’s gpt-oss:20b model via the Ollama API, creating a dynamic code generation system that can adapt its behavior in real-time.

The ransomware employs a sophisticated approach by avoiding the download of the entire AI model, which would require several gigabytes of storage. Instead, attackers can establish proxy connections or tunnels from compromised networks to servers running the Ollama API with the model. This technique, classified under MITRE ATT&CK framework as T1090.001 (Internal Proxy), is frequently employed in modern cyberattacks.

Cross-Platform Lua Script Execution

The generated Lua scripts provide PromptLock with exceptional cross-platform compatibility, enabling operations across Windows, Linux, and macOS environments. These scripts perform multiple malicious functions including:

• File system enumeration : Systematically mapping directory structures

• Target file inspection : Identifying valuable data for encryption or exfiltration

• Selective data exfiltration : Stealing sensitive information before encryption

• File encryption operations : Using the SPECK 128-bit algorithm

SPECK Encryption Implementation

PromptLock utilizes the SPECK 128-bit encryption algorithm, a lightweight block cipher developed by the National Security Agency (NSA). This cipher choice is particularly strategic for ransomware operations due to its:

• High performance on resource-constrained devices

• Rapid encryption capabilities essential for quick file scrambling

• Cross-platform compatibility supporting the malware’s multi-OS targeting

The SPECK algorithm operates on 128-bit blocks using a combination of simple operations including bitwise XOR, addition modulo operations, and bitwise shifts. Its lightweight nature ensures efficient encryption even on systems with limited computational resources.

Dynamic Threat Adaptation

One of PromptLock’s most concerning characteristics is its non-deterministic behavior. Since large language models inherently produce varying outputs for identical inputs, the malware can exhibit different behaviors across infections. This variability significantly complicates traditional signature-based detection methods, as indicators of compromise (IoCs) may vary from one execution to another.

The malware’s AI-driven approach enables several advanced capabilities:

• Environment-specific adaptation : Tailoring attacks based on system characteristics

• Evasion technique variation : Implementing different obfuscation methods per deployment

• Dynamic payload generation : Creating unique attack vectors for each target

Current Implementation Status

ESET researchers emphasize that PromptLock appears to be a proof-of-concept or work-in-progress rather than fully operational malware deployed in active attacks. Several indicators support this assessment:

• Incomplete functionality : The destructive file deletion capability remains unimplemented

• Symbolic Bitcoin address : The ransom payment address belongs to Bitcoin creator Satoshi Nakamoto rather than actual attackers

• Research-oriented indicators : Multiple aspects suggest experimental rather than operational deployment

Conclusion

The discovery of PromptLock marks a watershed moment in cybersecurity history, representing the first successful integration of artificial intelligence into ransomware operations. While currently existing as a proof-of-concept, this development foreshadows a future where AI-powered malware becomes increasingly common and sophisticated.

ESET’s research demonstrates both the innovative potential of malicious AI applications and the critical importance of proactive cybersecurity research. Organizations must recognize that the traditional reactive approach to cybersecurity is insufficient against AI-powered threats that can adapt and evolve in real-time.

The cybersecurity community must unite in developing advanced defensive capabilities that match the sophistication of these emerging threats. This includes investing in AI-powered detection systems, enhancing threat intelligence sharing, and fostering collaboration between security researchers and practitioners.

As we enter this new era of AI-powered cyber threats, the lesson from PromptLock is clear: the future of cybersecurity will be determined by our ability to harness artificial intelligence not just as a tool for productivity, but as a fundamental component of our digital defense infrastructure. The time for preparation is now, before proof-of-concepts like PromptLock evolve into fully operational weapons in the hands of cybercriminals.