SentinelLABS assesses that LLMs are accelerating the ransomware lifecycle by increasing speed, volume, and multilingual reach across reconnaissance, phishing, tooling assistance, data triage, and negotiation, while not producing a fundamental change in attacker tactics or novel capabilities. Adversaries are migrating toward self‑hosted, open models (e.g., Ollama) and proof‑of‑concept tools such as Claude Code, PromptLock, MalTerminal, and QUIETVAULT to evade provider guardrails and automate extortion and data theft; #ClaudeCode #QUIETVAULT
Keypoints
- LLMs are accelerating existing ransomware workflows—reconnaissance, phishing, data triage, tooling, and negotiation—by improving speed, scale, and multilingual capability, but are not introducing fundamentally new tactics.
- Lowered barriers to entry: LLMs enable low- to mid-skill actors to assemble functional RaaS tooling and attack flows by decomposing malicious tasks into seemingly benign prompts that can evade guardrails.
- Actors are increasingly adopting self-hosted/open-source models (notably Ollama and similar local models) to minimize provider telemetry and bypass safety controls.
- Documented abuses include autonomous extortion with Claude Code, LLM-driven PoC malware like MalTerminal and PromptLock, and local‑LLM abuse for credential/wallet discovery (QUIETVAULT).
- LLM-enabled exploit development is accelerating prototyping and churn but often produces non-viable/hallucinated exploits; defenders should expect increased noise and fatigue from rapid PoC proliferation.
- Emerging trends to track: prompt-smuggling-as-a-service, optimized local-model malware, templated negotiation agents in RaaS panels, brand spoofing/fake claims, and AI-augmented support tooling (SpamGPT, AIO Callcenter) used by IABs and extortion campaigns.
MITRE Techniques
- [T1566 ] Phishing – Used to craft localized, persuasive phishing and extortion messages with LLMs (“threat actors use them to draft phishing emails and localized content, such as ransom notes using the same language as the victim company”).
- [T1083 ] File and Directory Discovery – LLMs are used to search and identify sensitive files across languages and directories (“Find all documents related to financial debt or trade secrets” and searches of $HOME, ~/.config, ~/.local/share).
- [T1005 ] Data from Local System – LLM-assisted tools enumerate and extract wallet and credential files from victims’ systems (“identify files matching patterns associated with various cryptowallets including MetaMask, Electrum, Ledger, Trezor, Exodus, Trust Wallet, Phantom, and Solflare”).
- [T1567 ] Exfiltration Over Web Service – Stolen data is encoded and exfiltrated via newly created GitHub repositories (“Base64-encodes the stolen data and attempts to exfiltrate it via newly created GitHub repositories using local credentials”).
- [T1021 ] Remote Services – Reverse shells and remote access techniques are enabled/packaged in LLM-assisted tooling (“including ransomware and a reverse shell, through prompting a commercial LLM to generate the code”).
- [T1059 ] Command and Scripting Interpreter – Actors use scriptable prompts and generated code (JavaScript, shell) to automate theft and tool behavior (“The JavaScript-based stealer searches for and leverages LLMs on macOS and Linux hosts by embedding a malicious prompt”).
- [T1105 ] Ingress Tool Transfer – LLMs are used to generate and deliver tooling and payloads to victims (“this tool bypassed safety filters to deliver a ransomware payload”).
- [T1203 ] Exploitation for Client Execution – LLMs can accelerate exploit prototyping and PoC exploit generation, increasing churn though often producing non-viable outputs (“credible researchers soon found that the exploit was not only non-viable but had been generated by an LLM”).
Indicators of Compromise
- [Malware/Tools ] documented LLM-related tools and PoCs – MalTerminal, PromptLock (PoC LLM-enabled ransomware/tooling), and QUIETVAULT, Amos Stealer (LLM-assisted stealer examples).
- [Domains/URLs ] abused provider domains and exfiltration endpoints – https://[.]com (SEO-poisoned LLM provider conversations used to deliver Amos Stealer), github[.]com (used as destination for exfiltrated Base64-encoded data via newly created repositories).
- [File names ] multilingual sensitive-file indicators used in triage – “Fatura” (Turkish for “Invoice”), “Rechnung” (German for “Invoice”) referenced as examples of files LLMs can identify as financially sensitive.
- [RaaS/Actor names ] threat actor and service names observed in context – Global Group (advertised “AI-Assisted Chat”), and references to brands/crews like LockBit and Babuk2 used in spoofing or ecosystem context.
- [Tooling names ] peripheral AI-augmented infrastructure used by IABs and spammers – SpamGPT, BruteForceAI, AIO Callcenter (tools cited as used for payload distribution and automated pressure campaigns).
Read more: https://www.sentinelone.com/labs/llms-ransomware-an-operational-accelerator-not-a-revolution/