What has been theorized for some time has finally arrived: the first known AI-powered ransomware, dubbed PromptLock by ESET Research, is real, though luckily as a work in progress rather than an active threat. We spoke to ESET researcher Anton Cherepanov, who found the malware, about how this breakthrough discovery was made and what it means for the public.
How it started
First of all, let me congratulate you on your discovery. It’s bad news for the world, but it is also another benchmark in the age of AI. How do you feel?
I feel thrilled but cautious: drawn in by the excitement, yet aware of the danger.
How did you discover this ransomware?
At ESET, we actively engage in threat hunting, aiming to uncover new and emerging threats. One of our key sources for malicious samples is VirusTotal, an online platform where users upload suspicious files to be scanned by multiple antivirus engines. As part of my daily responsibilities, I review newly uploaded malware samples on VirusTotal to identify novel or undetected threats.
Image: One of the prompts used in PromptLock ransomware.
How could you reconstruct the prompts used to write the malware?
We analyzed the malware code and extracted prompts embedded within it. These prompts were hardcoded into the malware, meaning they are static and do not change across executions.
How can you be so certain that the malware was created by the OpenAI gpt-oss:20b model?
The malware code contains references to the gpt-oss:20b model.
How capable the ransomware is
What can this ransomware do?
The PromptLock malware contains embedded prompts that it sends to the gpt-oss:20b model to generate Lua scripts. Although the prompts are static, the generated scripts can vary with each execution. Additionally, the malware exhibits non-deterministic behavior based on the user files it discovers. However, we believe that in the most likely scenario, the malware exfiltrates files and subsequently encrypts them using the SPECK 128-bit encryption algorithm.
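When an analyst reports that a sample uses a particular cipher, the identification is normally confirmed by comparing the sample's routine against a reference implementation and the cipher's published test vector. The following is an added example written for this article, not ESET's code and not taken from the PromptLock sample: a reference Speck128/128 encrypt and decrypt checked against the designers' published test vector. It assumes the 128-bit block, 128-bit key variant (the interview says only "SPECK 128-bit", which does not fix the key length), with words loaded little-endian as in the designers' implementation guide.

```python
# Reference Speck128/128 (64-bit words, 128-bit key, 32 rounds).
# Added example for verifying a cipher identification; the 128-bit key
# variant is an assumption, since the article does not state the key size.
MASK64 = (1 << 64) - 1
ROUNDS = 32            # round count for Speck128/128
ALPHA, BETA = 8, 3     # rotation amounts for 64-bit words

def ror(x, r):
    return ((x >> r) | (x << (64 - r))) & MASK64

def rol(x, r):
    return ((x << r) | (x >> (64 - r))) & MASK64

def key_schedule(key):
    """Expand a 128-bit key (int) into the 32 round keys."""
    k = key & MASK64              # k[0]: low 64-bit word
    l = (key >> 64) & MASK64      # l[0]: high 64-bit word
    rks = []
    for i in range(ROUNDS - 1):
        rks.append(k)
        l = ((k + ror(l, ALPHA)) & MASK64) ^ i
        k = rol(k, BETA) ^ l
    rks.append(k)
    return rks

def encrypt_block(pt, rks):
    """Encrypt one 128-bit block (int); x is the high word, y the low word."""
    x, y = (pt >> 64) & MASK64, pt & MASK64
    for rk in rks:
        x = ((ror(x, ALPHA) + y) & MASK64) ^ rk
        y = rol(y, BETA) ^ x
    return (x << 64) | y

def decrypt_block(ct, rks):
    """Invert the round function, applying round keys in reverse order."""
    x, y = (ct >> 64) & MASK64, ct & MASK64
    for rk in reversed(rks):
        y = ror(y ^ x, BETA)
        x = rol(((x ^ rk) - y) & MASK64, ALPHA)
    return (x << 64) | y

# Published Speck128/128 test vector from the cipher designers' paper.
TEST_KEY = 0x0f0e0d0c0b0a09080706050403020100
TEST_PT = 0x6c617669757165207469206564616d20
TEST_CT = 0xa65d9851797832657860fedf5c570d18

def matches_test_vector():
    """True when this implementation reproduces the published test vector both ways."""
    rks = key_schedule(TEST_KEY)
    return (encrypt_block(TEST_PT, rks) == TEST_CT
            and decrypt_block(TEST_CT, rks) == TEST_PT)
```

A sample's routine that does not reproduce this vector is either a different cipher or a modified Speck, which matters when building a decryptor.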
Would you describe it as sophisticated malware or rather simple code that even a novice cybercriminal could write?
Although it shows a certain level of sophistication and novelty, the current implementation does not pose a serious threat.
Could ESET solutions stop it?
While the generated Lua scripts may vary from run to run, the executables responsible for generating them remain consistent. Robust security solutions can flag these executables as malicious.
What are your predictions about the future of ransomware in the Age of AI?
It is almost certain that cybercriminals will leverage AI to create new ransomware families.
What does it mean for the public?
For the public, this means that ransomware will likely become more sophisticated, faster spreading, and harder to detect. Attacks could target not just large organizations but also individuals, small businesses, and even critical infrastructure. The average person may face higher risks of data theft, financial loss, and service disruptions. This makes cybersecurity awareness, regular backups, and stronger digital hygiene more important than ever.