Security researchers at ESET have identified “PromptLock”, which they are calling the first known strain of AI-powered ransomware. While still a proof of concept with no observed active usage in the wild, PromptLock represents a disruptive shift in ransomware tactics: it dynamically generates malicious scripts via an LLM rather than delivering static malware code. This article covers how it works, why it matters, and how to protect yourself.
How PromptLock works
PromptLock displays a new level of sophistication in ransomware. Instead of hard‑coded encryption routines, it runs OpenAI’s open‑weight gpt‑oss:20b model (which was only released on August 5, 2025) accessed via an Ollama REST API endpoint to generate and execute Lua scripts on the fly. These scripts are designed to traverse files, inspect targets, exfiltrate data, and perform encryption across Windows, macOS, and Linux platforms. The malware, written in Golang, employs the NSA‑developed SPECK 128‑bit algorithm and includes a Bitcoin address for ransom payments. It is important to emphasize that PromptLock is a proof of concept, perhaps designed for experimental or demonstration purposes. Versions shared on VirusTotal show various incomplete features: for example, target file deletion is not fully supported, and features like ransomware delivery, persistence, and robust encryption are not yet in evidence.
Why it matters
While it is not active in the wild, PromptLock is the first in a new, next wave of ransomware. Leveraging AI, this next generation of malware adapts itself, functions autonomously, and tries to evade detection in ways that traditional defenses may struggle to contain.
The techniques that PromptLock features (e.g., AI-driven dynamic scripting, local LLM execution, etc.) could be quickly adopted by established ransomware groups such as LockBit, ALPHV/BlackCat, or their affiliates. This proof of concept will certainly be used as inspiration for future cyber criminals.
What organizations can do to defend themselves
PromptLock-specific strategies:
- Monitor for unusual script activity, particularly Lua script execution in environments where Lua is uncommon.
- Alert on SPECK algorithm usage, as this encryption standard is rarely used in legitimate enterprise software.
- Hunt for suspicious Golang binaries and executables invoking local AI inference engines (e.g., Ollama).
- Monitor for additional emerging IOCs related to PromptLock over the coming days.
Additional best practices:
- Harden entry points with phishing-resistant MFA, conditional access, least-privilege approaches, and network segmentation.
- Deploy behaviour-based EDR/XDR that can spot anomalous file encryption or access.
- Maintain frequent, immutable offline backups; test restore processes to meet recovery time objective (RTO) targets.
- Train staff and support security awareness initiatives, especially as AI-powered phishing and other social engineering grows.
- Secure local LLMs: restrict filesystem and network permissions, and monitor for unsanctioned prompt-driven automation. The security researchers’ findings suggest that attackers can bind an LLM to malicious tasks via hard-coded prompts.
How ISA Cybersecurity can help
The cyber experts at ISA Cybersecurity have already implemented enhanced measures to defend our managed services customers against potential PromptLock-inspired attacks. Our team is available to help you strengthen your cybersecurity posture and mitigate risk. The era of AI-powered ransomware is here today – let us help you stay a step ahead. Contact us today to learn more.
