Zensec (formerly Solace Cyber) alerts the cybersecurity community to the emergence of PromptLock, the first known AI-powered ransomware, discovered by ESET researchers.
Although not yet active in the wild, this proof-of-concept strain demonstrates the disturbing potential of generative AI to revolutionise ransomware tactics.
PromptLock leverages OpenAI’s gpt-oss:20b model via the Ollama API, running locally to generate Lua scripts in real time. These dynamically produced scripts enable:
• Enumeration and inspection of local filesystems
• Decision-based exfiltration, encryption (via SPECK 128-bit), and potential future destructive actions
• Cross-platform compatibility across Windows, macOS, and Linux environments
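
A defender-side check for the behaviour described above, as an added example that is not code from ESET or Zensec: it scans process-network events for Ollama API requests made by processes outside an allowlist. The event schema, the allowlist, and the sample lines are assumptions constructed for illustration; 11434 is Ollama's default port.

```python
import json

# Ollama's default listen port and its text-generation endpoints.
OLLAMA_PORT = 11434
OLLAMA_PATHS = ("/api/generate", "/api/chat")

# Assumption: processes expected to talk to Ollama in this environment.
ALLOWED_PROCESSES = {"ollama", "ollama.exe", "open-webui"}

# Constructed sample events (hypothetical EDR/proxy schema, one JSON object per line).
SAMPLE_EVENTS = """\
{"host":"ws-01","process":"ollama.exe","dst_port":11434,"path":"/api/generate","body":{"model":"llama3"}}
{"host":"ws-02","process":"updater.exe","dst_port":11434,"path":"/api/generate","body":{"model":"gpt-oss:20b"}}
{"host":"ws-03","process":"chrome.exe","dst_port":443,"path":"/index.html","body":{}}
{"host":"srv-07","process":"svc_helper","dst_port":11434,"path":"/api/chat","body":{"model":"gpt-oss:20b"}}
not-json garbage line
"""

def find_unexpected_ollama_clients(lines, allowed=ALLOWED_PROCESSES):
    """Return one alert per Ollama API call made by a process not on the allowlist."""
    alerts = []
    for raw in lines.splitlines():
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(ev, dict) or ev.get("dst_port") != OLLAMA_PORT:
            continue
        path = str(ev.get("path", ""))
        if not path.startswith(OLLAMA_PATHS):
            continue
        proc = str(ev.get("process", "")).lower()
        if proc in allowed:
            continue
        body = ev.get("body") if isinstance(ev.get("body"), dict) else {}
        alerts.append({
            "host": ev.get("host"),
            "process": proc,
            "path": path,
            "model": body.get("model"),  # requested model, useful for triage
        })
    return alerts

if __name__ == "__main__":
    for alert in find_unexpected_ollama_clients(SAMPLE_EVENTS):
        print(alert)
```
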
ESET emphasises that PromptLock remains a proof-of-concept and that no active ransom campaigns have been detected. Nevertheless, the architecture signals how AI could soon render ransomware more...