The constant evolution of cyber threats has reached a new level with the discovery of the first ransomware developed entirely with the support of generative artificial intelligence (AI). ESET researchers have identified and analyzed this malware, called PromptLock, which uses advanced language models such as GPT-4 to create and execute automated and sophisticated attacks in real time.

What is PromptLock and how does it work?

PromptLock is ransomware written in Golang and capable of operating on multiple platforms, including Windows, Linux and macOS. What radically distinguishes it from other ransomware is its use of the Ollama API to generate Lua scripts from prompts, allowing the malware to:

  • Decide what data to encrypt or steal based on dynamically processed instructions.
  • Adapt autonomously to different environments and contexts of the infected system.
  • Optimize and diversify its tactics during the attack, overcoming traditional static defenses.

This approach makes PromptLock a fluid threat that is difficult to detect, since its behavior is not defined by static code, but by instructions generated and modified in real time by AI.

Impact and implications for global cybersecurity

Although PromptLock is currently a laboratory-detected proof of concept and has yet to be reported in real attacks, it marks a worrying milestone for digital security. Its existence indicates that:

  • The automation of attacks will allow actors with less technical knowledge to develop sophisticated attacks.
  • Traditional defense systems, based on known signatures and patterns, will be increasingly less effective in the face of generative and polymorphic attacks.
  • The use of AI accelerates the proliferation of ransomware, expanding its reach and complexity.

This change redefines the cybercrime landscape, accelerating the democratization of offensive tools and boosting faster, more accurate and adaptive attacks.

Measures and recommendations to protect yourself from AI-powered ransomware

Faced with this new reality, organizations must strengthen their cybersecurity strategies by adopting advanced solutions and practices:

  • Implement behavior-based detection and heuristic analysis to identify suspicious activity not recognized by signatures.
  • Apply strict segmentation of networks and privileges to limit lateral movements and minimize potential damage.
  • Update and reinforce backups regularly to recover data without giving in to ransom demands.
  • Train technical teams and users in new attack modalities, including the use of AI and evasion techniques.
  • Collaborate with experts and technology providers that integrate defensive artificial intelligence and advanced detection.
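
One way to express the behavior-based detection recommended above, as an added example that is not from ESET's analysis or the original article: correlate a process that calls a local Ollama API with a burst of file modifications shortly afterwards. Port 11434 is Ollama's default; the event format, process names, allowlist and thresholds are assumptions, and the telemetry is constructed.

```python
from collections import defaultdict

OLLAMA_PORT = 11434        # default port of the Ollama API
APPROVED = {"open-webui"}  # assumption: processes allowed to query the local model
                           # (names can be spoofed; prefer signed paths in practice)
WINDOW_S = 60              # assumption: watch file activity this long after a model call
BURST = 20                 # assumption: distinct files modified that count as a burst


def detect(events):
    """Return {pid: (process, files_modified)} for unapproved processes that
    called the Ollama API and then modified >= BURST distinct files within
    WINDOW_S seconds of their most recent call."""
    last_call = {}               # pid -> time of latest Ollama API connection
    touched = defaultdict(set)   # pid -> files modified inside the window
    names = {}
    for ts, pid, proc, kind, detail in sorted(events):
        names[pid] = proc
        if kind == "connect" and detail.endswith(f":{OLLAMA_PORT}"):
            if proc not in APPROVED:
                last_call[pid] = ts
        elif kind == "file_write" and pid in last_call:
            if ts - last_call[pid] <= WINDOW_S:
                touched[pid].add(detail)
    return {pid: (names[pid], len(files))
            for pid, files in touched.items() if len(files) >= BURST}


def sample_events():
    """Constructed telemetry: (time_s, pid, process, kind, detail)."""
    ev = [(100, 4242, "updater", "connect", "127.0.0.1:11434")]
    ev += [(105 + i, 4242, "updater", "file_write", f"/home/u/doc{i}.txt")
           for i in range(25)]
    # Approved client: a model call followed by a single write.
    ev += [(50, 100, "open-webui", "connect", "127.0.0.1:11434"),
           (51, 100, "open-webui", "file_write", "/var/lib/webui/chat.db")]
    # Bulk writer that never contacts the model (for example a backup job).
    ev += [(10 + i, 200, "backup", "file_write", f"/backup/f{i}")
           for i in range(100)]
    return ev


if __name__ == "__main__":
    for pid, (proc, n) in detect(sample_events()).items():
        print(f"ALERT pid={pid} process={proc} files_modified={n}")
```

The rule keys on the sequence of actions rather than on file contents, so it does not depend on what script the model happens to generate on a given run.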

🛡️ Contact Apolo Cybersecurity for a comprehensive audit and protect your business against the next generation of digital threats.

PromptLock opens a disturbing chapter in the history of malware: the combination of generative artificial intelligence and ransomware can transform cybercrime into an exponentially more dangerous and widespread threat. This advance requires companies and public administrations to urgently update their defense frameworks, combining technological innovation, continuous training and robust digital resilience policies.

Is your organization ready to face AI-powered ransomware?
