Emergence of AI-Powered Ransomware Strain PromptLock
Summary
A new AI-powered ransomware strain, named PromptLock, has been identified by ESET researchers. The ransomware leverages an AI model to generate Lua scripts on the fly, complicating detection and defense. PromptLock is not yet active in the wild but is nearly ready for deployment. It can exfiltrate files and encrypt data, with plans to add file destruction capabilities. The ransomware was uploaded to VirusTotal from the United States and is written in Go, targeting Windows, Linux, and macOS systems. The Bitcoin address used for ransom payments is linked to Satoshi Nakamoto. The development of AI-driven ransomware presents new challenges for cybersecurity defenders. The strain was discovered by Anton Cherepanov and Peter Strycek, who shared their findings on social media 18 hours after detecting samples on VirusTotal. The use of AI in ransomware introduces variability in indicators of compromise (IoCs), making detection more difficult. PromptLock uses the SPECK 128-bit encryption algorithm to lock files and can generate custom notes based on the files affected and the type of infected machine. The attacker can establish a proxy or tunnel from the compromised network to a server running the Ollama API with the gpt-oss-20b model.
Timeline
- 27.08.2025 16:27 (2 articles)
  AI-Powered Ransomware Strain PromptLock Discovered
  ESET researchers Anton Cherepanov and Peter Strycek identified a new AI-powered ransomware strain named PromptLock. The ransomware leverages the gpt-oss:20b model from OpenAI via the Ollama API to generate Lua scripts in real time, complicating detection. It can exfiltrate files and encrypt data, with plans to add file destruction capabilities. The ransomware was uploaded to VirusTotal from the United States and targets Windows, Linux, and macOS systems. The Bitcoin address used for ransom payments is linked to Satoshi Nakamoto. PromptLock uses the SPECK 128-bit encryption algorithm to lock files and can generate custom notes based on the files affected and the type of infected machine. The attacker can establish a proxy or tunnel from the compromised network to a server running the Ollama API with the gpt-oss-20b model.
  Sources:
  - AI-Powered Ransomware Has Arrived With 'PromptLock' — www.darkreading.com — 27.08.2025 16:27
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
Information Snippets
- PromptLock is the first known ransomware strain powered by AI, leveraging the gpt-oss:20b model from OpenAI via the Ollama API.
  First reported: 27.08.2025 16:27 (2 sources, 2 articles)
  - AI-Powered Ransomware Has Arrived With 'PromptLock' — www.darkreading.com — 27.08.2025 16:27
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- The ransomware can exfiltrate files and encrypt data, with plans to add file destruction capabilities.
  First reported: 27.08.2025 16:27 (2 sources, 2 articles)
  - AI-Powered Ransomware Has Arrived With 'PromptLock' — www.darkreading.com — 27.08.2025 16:27
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- PromptLock is written in Go and targets both Windows and Linux systems.
  First reported: 27.08.2025 16:27 (2 sources, 2 articles)
  - AI-Powered Ransomware Has Arrived With 'PromptLock' — www.darkreading.com — 27.08.2025 16:27
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- The ransomware's Bitcoin address is linked to Satoshi Nakamoto.
  First reported: 27.08.2025 16:27 (1 source, 1 article)
  - AI-Powered Ransomware Has Arrived With 'PromptLock' — www.darkreading.com — 27.08.2025 16:27
- The AI-driven approach introduces variability in indicators of compromise (IoCs), complicating detection.
  First reported: 27.08.2025 16:27 (2 sources, 2 articles)
  - AI-Powered Ransomware Has Arrived With 'PromptLock' — www.darkreading.com — 27.08.2025 16:27
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- The ransomware was uploaded to VirusTotal from the United States.
  First reported: 27.08.2025 16:27 (2 sources, 2 articles)
  - AI-Powered Ransomware Has Arrived With 'PromptLock' — www.darkreading.com — 27.08.2025 16:27
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- ESET researchers shared their findings on social media 18 hours after detecting samples on VirusTotal.
  First reported: 27.08.2025 16:27 (1 source, 1 article)
  - AI-Powered Ransomware Has Arrived With 'PromptLock' — www.darkreading.com — 27.08.2025 16:27
- PromptLock leverages the gpt-oss:20b model from OpenAI via the Ollama API to generate Lua scripts in real time.
  First reported: 27.08.2025 20:07 (1 source, 1 article)
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- The ransomware can generate custom notes based on the files affected and the type of infected machine.
  First reported: 27.08.2025 20:07 (1 source, 1 article)
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- PromptLock uses the SPECK 128-bit encryption algorithm to lock files.
  First reported: 27.08.2025 20:07 (1 source, 1 article)
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- PromptLock is assessed to be a proof-of-concept (PoC) rather than a fully operational malware deployed in the wild.
  First reported: 27.08.2025 20:07 (1 source, 1 article)
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- PromptLock can function on Windows, Linux, and macOS.
  First reported: 27.08.2025 20:07 (1 source, 1 article)
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- The attacker can establish a proxy or tunnel from the compromised network to a server running the Ollama API with the gpt-oss-20b model.
  First reported: 27.08.2025 20:07 (1 source, 1 article)
  - Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
Similar Happenings
XCSSET macOS Malware Targets Xcode Developers with Enhanced Features
A new variant of the XCSSET macOS malware has been detected, targeting Xcode developers with enhanced features. This variant includes improved browser targeting, clipboard hijacking, and persistence mechanisms. The malware spreads by infecting Xcode projects and steals cryptocurrency and browser data from infected devices. It uses run-only compiled AppleScripts for stealthy execution and employs sophisticated encryption and obfuscation techniques. It incorporates new modules for data exfiltration, persistence, and clipboard monitoring. The malware has been observed in limited attacks, with Microsoft sharing its findings with Apple and GitHub to mitigate the threat. Developers are advised to keep macOS and apps up to date and to inspect Xcode projects before building them.
SonicWall MySonicWall Breach Exposes Firewall Configuration Files
In September 2025, SonicWall disclosed a security breach affecting MySonicWall accounts that exposed firewall configuration backup files for less than 5% of its customers. The breach, caused by a series of brute-force attacks, could make exploitation of SonicWall firewalls easier for threat actors, since the exposed files may contain sensitive information such as credentials and tokens for services running on SonicWall devices. SonicWall confirmed that attackers accessed the API service for cloud backup; the company has cut off the attackers' access and is collaborating with cybersecurity and law enforcement agencies. It has advised customers to reset credentials, update secrets, and follow its detailed guidance to mitigate potential risks. Following the breach, SonicWall has also released a firmware update to remove rootkit malware from SMA 100 series devices. Additionally, the Akira ransomware group has been targeting unpatched SonicWall devices, exploiting a year-old security flaw (CVE-2024-40766) and bypassing MFA on VPN accounts using previously stolen OTP seeds. There is no evidence at this time that threat actors have leveraged the exposed data against impacted customers in attacks.
The threat actor UNC6148 has been deploying the OVERSTEP malware, a previously unknown persistent backdoor/user-mode rootkit, to maintain persistent access, steal sensitive credentials, and conceal its own components. The malware modifies the appliance's boot process to evade detection and hide files and activity. UNC6148 may have used an unknown zero-day remote code execution vulnerability to deploy OVERSTEP on SonicWall SMA appliances. Potential vulnerabilities exploited by UNC6148 include CVE-2021-20038, CVE-2024-38475, CVE-2021-20035, CVE-2021-20039, and CVE-2025-32819. SonicWall has advised customers to look for signs of compromise, such as gaps or deletions in SMA logs, unexpected appliance reboots, persistent admin sessions, unauthorized configuration changes, and recurring access following patching or resets. CISA recommends upgrading firmware, replacing and rebuilding SMA 500v, resetting OTP bindings, enforcing MFA, resetting passwords, and replacing certificates whose private keys were stored on the appliance.
HybridPetya Ransomware Bypasses UEFI Secure Boot via CVE-2024-7344
HybridPetya ransomware, which can bypass UEFI Secure Boot via CVE-2024-7344, has been discovered. The ransomware resembles Petya/NotPetya and exploits a flaw in the Howyar Reloader UEFI application to deploy a malicious EFI application. It encrypts the Master File Table (MFT) on NTFS-formatted partitions and includes a bootkit and installer. The ransomware was first uploaded to VirusTotal in February 2025 and has received payments totaling $183.32. HybridPetya incorporates characteristics from both Petya and NotPetya, using a bootkit with three states: ready for encryption, already encrypted, and decrypted after ransom payment. It uses the Salsa20 encryption algorithm and creates a counter file to track encrypted disk clusters. The ransom note demands $1,000 in Bitcoin, and the decryption process involves recovering legitimate bootloaders. The ransomware exploits a flaw in Microsoft-signed applications to bypass Secure Boot and deploy bootkits. It replaces the original Windows bootloader and removes the default bootloader file. The ransomware triggers a BSOD and forces a system reboot to execute the malicious bootkit, displaying a fake CHKDSK message during encryption. Upon completion, it demands a Bitcoin payment and provides a 32-character key for decryption and system restoration. Microsoft fixed CVE-2024-7344 with the January 2025 Patch Tuesday, protecting updated Windows systems from HybridPetya. Offline backups are recommended as a solid practice against ransomware.
SVG Files Used in Phishing Attacks Impersonating Colombian Judicial System
A malware campaign uses SVG files to deploy Base64-encoded phishing pages impersonating the Colombian judicial system. The SVG files are distributed via email and execute a JavaScript payload to inject a phishing page. The campaign has been active since mid-August 2025, with 523 undetected SVG files identified by VirusTotal. The phishing pages simulate a document download process while downloading a ZIP archive in the background. The ZIP file contains a legitimate executable, a malicious DLL, and two encrypted files. The malicious DLL is sideloaded to install further malware on the system. The campaign highlights the evolving tactics of attackers, who use obfuscation and polymorphism to evade detection. The phishing pages target users by impersonating official government portals, increasing the likelihood of successful attacks. The disclosure coincides with reports of macOS systems being targeted by the Atomic macOS Stealer (AMOS), which steals a wide range of sensitive data. Attackers use cracked software and ClickFix-style tactics to infect macOS devices, exposing businesses to credential stuffing and financial theft.
APT28 deploys NotDoor backdoor via Microsoft Outlook
APT28, a Russian state-sponsored threat group, has been identified deploying a new backdoor malware named NotDoor through Microsoft Outlook. This malware abuses Outlook to facilitate covert communication, data exfiltration, and malware delivery. The backdoor is triggered by specific words in incoming emails, allowing attackers to execute commands on the victim's computer. NotDoor is distributed via a legitimate signed binary, Microsoft's OneDrive.exe, which is vulnerable to DLL sideloading. The malware uses Base64-encoded PowerShell commands to perform various functions, including disabling macro security defenses and enabling macro execution. The backdoor maintains persistent access to the targeted system and can initiate data exfiltration through email attachments or upload malicious files. The malware has been used to target multiple companies from different sectors in NATO member countries. It creates a staging folder at %TEMP%\Temp to store and exfiltrate files, and supports commands for command execution, file exfiltration, and uploading files to the victim's computer.