PromptLock AI-powered ransomware
Malware Activity
Summary
The PromptLock ransomware strain is the first known AI-powered ransomware. It was identified while still under development, and it raises fresh detection risk. It can generate Lua scripts in real time, exfiltrate files, and encrypt data, and it is being upgraded to destroy files. Windows and Linux variants of the sample were uploaded to VirusTotal, and its behavior may vary between executions.
Related Happenings
Google Drive ransomware detection reaches general availability and turns on by default
Security Tool/Service
First: 01.04.2026 09:35
Last: 01.04.2026 09:35
Sources 1
About this happening:
**Google Drive**'s **AI-powered ransomware detection** has reached **general availability** and is now **enabled by default** for paying users, expanding automatic protection for...
HybridPetya ransomware bootkit and Secure Boot bypass activity
Malware Activity
First: 12.09.2025 14:50
Last: 12.09.2025 14:50
Sources 1
About this happening:
**HybridPetya** is a **ransomware bootkit** that targets **UEFI-based Windows systems** by installing a malicious **EFI application** on the **EFI System Partition** and encryptin...
Timeline
- 27.08.2025 16:27 1 article · 9mo ago
PromptLock AI ransomware disclosure
Initial Disclosure
ESET researchers identified PromptLock, a ransomware strain they assess as under development and not yet observed in active cyberattacks. The sample uses the gpt-oss:20b model from OpenAI locally through the Ollama API to generate Lua scripts in real time, can exfiltrate files and encrypt data, and is being upgraded to destroy files; ESET also said the sample was uploaded to VirusTotal from the United States and that Windows and Linux variants were present.
- AI-Powered Ransomware Has Arrived With 'PromptLock' — www.darkreading.com — 27.08.2025 16:27