Monday, October 6, 2025


First known AI-powered ransomware uncovered by ESET Research

The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats


This supports our belief that PromptLock was a proof of concept rather than fully operational malware deployed in the wild. Nonetheless, our findings remain valid – the discovered samples represent the first known case of AI-powered ransomware.

ESET researchers have discovered what is the first known AI-powered ransomware. The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt and possibly even destroy data, though this last functionality appears not to have been implemented in the malware yet.

While PromptLock was not spotted in actual attacks and is instead thought to be a proof-of-concept (PoC) or a work in progress, ESET’s discovery shows how malicious use of publicly-available AI tools could supercharge ransomware and other pervasive cyberthreats.

“The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes. PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption,” said ESET researchers.

“The PromptLock ransomware is written in Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal,” added the researchers. Golang is a highly versatile, cross-platform programming language that has also gained popularity among malware authors in recent years.
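Because the malware described above drives a local model through the Ollama API, one defensive check is to look for unexpected programs calling that API. The sketch below is an added example, not code from ESET or from this article; it assumes Ollama's default port 11434, its `/api/generate` and `/api/chat` endpoints, the Ollama model tag `gpt-oss:20b`, and a hypothetical JSON event format and allowlist.

```python
import json
from urllib.parse import urlsplit

# Assumptions (not from the article): Ollama's default listener port 11434 and its
# /api/generate and /api/chat endpoints; the event schema and allowlist are hypothetical.
OLLAMA_PORTS = {11434}
OLLAMA_PATHS = {"/api/generate", "/api/chat"}
APPROVED_CLIENTS = {"/usr/local/bin/ollama", "/opt/ide/bin/assistant"}  # hypothetical

# Constructed sample telemetry: one JSON object per line (process + outbound HTTP request).
SAMPLE_EVENTS = """\
{"ts":"2025-01-01T10:00:01Z","exe":"/opt/ide/bin/assistant","url":"http://127.0.0.1:11434/api/chat","body":{"model":"llama3"}}
{"ts":"2025-01-01T10:02:17Z","exe":"/tmp/.cache/updater","url":"http://127.0.0.1:11434/api/generate","body":{"model":"gpt-oss:20b"}}
{"ts":"2025-01-01T10:02:19Z","exe":"/tmp/.cache/updater","url":"http://10.0.0.8:11434/api/generate","body":{"model":"gpt-oss:20b"}}
{"ts":"2025-01-01T10:03:00Z","exe":"/usr/bin/curl","url":"http://127.0.0.1:8080/health","body":{}}
not-json garbage line
"""

def is_ollama_call(url):
    """True when the URL targets an Ollama generation endpoint on a known port."""
    parts = urlsplit(url)
    return parts.port in OLLAMA_PORTS and parts.path in OLLAMA_PATHS

def find_unapproved_llm_clients(lines):
    """Group Ollama API calls made by executables that are not on the allowlist."""
    findings = {}
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry instead of aborting the hunt
        if not isinstance(ev, dict) or not is_ollama_call(ev.get("url", "")):
            continue
        exe = ev.get("exe", "<unknown>")
        if exe in APPROVED_CLIENTS:
            continue
        f = findings.setdefault(
            exe, {"count": 0, "models": set(), "hosts": set(), "first_seen": ev.get("ts")})
        f["count"] += 1
        f["models"].add((ev.get("body") or {}).get("model", "<none>"))
        f["hosts"].add(urlsplit(ev["url"]).hostname)
    return findings

if __name__ == "__main__":
    for exe, f in find_unapproved_llm_clients(SAMPLE_EVENTS.splitlines()).items():
        print(exe, f["count"], sorted(f["models"]), sorted(f["hosts"]), f["first_seen"])
```

A hit is a lead for triage, not a verdict: the allowlist has to reflect the LLM clients actually sanctioned in the environment.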

Bound to happen

AI models have made it child’s play to craft convincing phishing messages, as well as deepfake images, audio and video. The ready availability of these tools also drastically lowers the barrier to entry for less tech-savvy attackers, allowing them to punch above their weight.

Meanwhile, the ransomware scourge has, over the years, tested the cyber-mettle of countless organizations, with this type of malware also increasingly deployed by APT groups. As AI is already used by all types of threat actors to varying degrees, it’s also set to help power an increase in the volume and impact of ransomware attacks.

Regardless of the intent behind PromptLock, its discovery points to how AI tools can be used to automate various stages of ransomware attacks, from reconnaissance to data exfiltration, at a speed and scale once thought impossible. The prospect of AI-powered malware that can, among other things, adapt to the environment and change its tactics on the fly may generally represent a new frontier in cyberattacks.

IoCs

Files




