First known AI-powered ransomware uncovered by ESET Research

ESET researchers discovered PromptLock, the first known AI-powered ransomware: a proof-of-concept that uses a local gpt-oss-20b model through the Ollama API to generate and execute malicious Lua scripts for filesystem enumeration, data exfiltration and file encryption. The malware is written in Golang, and both Windows and Linux samples were uploaded to VirusTotal. The finding highlights how publicly available AI tools can automate and scale ransomware activity.

Key points

  • ESET discovered PromptLock, described as the first known AI-powered ransomware, though it appears to be a proof-of-concept rather than observed in real-world attacks.
  • PromptLock uses the gpt-oss-20b model locally via the Ollama API to generate malicious Lua scripts on the fly from hard-coded prompts.
  • Generated Lua scripts perform filesystem enumeration, inspect target files, exfiltrate selected data, and carry out encryption operations.
  • The ransomware is implemented in Golang and researchers identified both Windows and Linux variants uploaded to VirusTotal.
  • ESET’s findings demonstrate how AI tools can lower the barrier for attackers and automate stages of ransomware attacks from reconnaissance through exfiltration and encryption.
  • The malware also contains a data-destruction function, but that destructive capability does not appear to be implemented in the observed samples.
  • The discovery underscores a new frontier where AI-driven malware could adapt tactics dynamically and scale impact across targets.
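The behaviour summarised above (a process that queries a local Ollama endpoint and then touches many files) can be correlated from host telemetry. The following is an added detection example written for this summary, not ESET's code or anything from the samples; the events are constructed, port 11434 is Ollama's documented default listener, and the allow-list and burst threshold are assumptions to tune per environment.

```python
# Correlate per-process telemetry: a non-allow-listed process that calls the
# local Ollama API is flagged; a burst of file writes after the call raises severity.
from collections import defaultdict

OLLAMA_PORT = 11434                          # assumption: Ollama's default listener
OLLAMA_PATHS = ("/api/generate", "/api/chat")  # Ollama's text-generation endpoints
ALLOWED_CLIENTS = {"ollama", "ollama.exe"}   # assumption: clients expected to call the API
FILE_BURST = 20                              # assumption: site-specific tuning threshold


def constructed_events():
    """Constructed telemetry rows: (ts, host, pid, image, kind, detail)."""
    ev = [
        (100, "ws1", 4242, "updater.exe", "net",  {"dport": OLLAMA_PORT, "path": "/api/generate"}),
        (105, "ws1", 777,  "ollama",      "net",  {"dport": OLLAMA_PORT, "path": "/api/chat"}),
        (110, "ws1", 9001, "code.exe",    "net",  {"dport": OLLAMA_PORT, "path": "/api/chat"}),
        (112, "ws1", 9001, "code.exe",    "file", {"op": "write", "path": "/home/dev/notes.md"}),
    ]
    # Burst of writes from the suspicious process shortly after its model query.
    ev += [(120 + i, "ws1", 4242, "updater.exe", "file",
            {"op": "write", "path": f"C:/Users/a/Documents/file{i}.docx"}) for i in range(25)]
    return ev


def detect(events, window=300):
    """Return one alert per (host, pid) that queried the local model endpoint."""
    by_pid = defaultdict(list)
    for e in events:
        by_pid[(e[1], e[2])].append(e)
    alerts = []
    for (host, pid), evs in by_pid.items():
        evs.sort(key=lambda e: e[0])
        image = evs[0][3]
        llm_calls = [e for e in evs if e[4] == "net"
                     and e[5].get("dport") == OLLAMA_PORT
                     and e[5].get("path", "") in OLLAMA_PATHS]
        if not llm_calls or image in ALLOWED_CLIENTS:
            continue
        t0 = llm_calls[0][0]
        # Count file writes in the window after the first model query.
        writes = sum(1 for e in evs if e[4] == "file" and t0 <= e[0] <= t0 + window)
        severity = "high" if writes >= FILE_BURST else "medium"
        alerts.append({"host": host, "pid": pid, "image": image,
                       "severity": severity, "files_touched": writes})
    return alerts


if __name__ == "__main__":
    for a in detect(constructed_events()):
        print(a)
```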

MITRE Techniques

  • [T1083] File and Directory Discovery – Used to enumerate the local filesystem via generated Lua scripts (“…enumerate the local filesystem…”).
  • [T1005] Data from Local System – Lua scripts inspect and collect target files for exfiltration (“…inspect target files, exfiltrate selected data…”).
  • [T1041] Exfiltration Over C2 Channel – The malware exfiltrates selected data (“…exfiltrate selected data…”).
  • [T1486] Data Encrypted for Impact – Performs encryption of files as part of its ransomware behavior (“…perform encryption”).
  • [T1059] Command and Scripting Interpreter – Generates and executes Lua scripts on the fly using AI-generated code (“…generate malicious Lua scripts on the fly, which it then executes.”).
  • [T1055] Process Injection (potential/related) – The cross-platform Golang binary and its dynamic script execution imply runtime code-execution techniques, though direct process injection was not explicitly confirmed (“…generate and execute scripts…”).

Indicators of Compromise

  • [File Hash SHA-1] PromptLock samples found on VirusTotal – 24BF7B72F54AA5B93C6681B4F69E579A47D7C102, AD223FE2BB4563446AEE5227357BBFDC8ADA3797 (and 4 more hashes)
  • [File Hash SHA-1] Additional PromptLock samples – BB8FB75285BCD151132A3287F2786D4D91DA58B8, F3F4C40C344695388E10CBF29DDB18EF3B61F7EF

Read more: https://www.welivesecurity.com/en/ransomware/first-known-ai-powered-ransomware-uncovered-eset-research/