AI ransomware is here, but don’t panic, it’s not as bad as it sounds


In the era of vibe coding, cybercriminals are upping the stakes and using artificial intelligence (AI) to extort victims and exfiltrate data. And ransomware is no exception.

Cybercriminals have long used ransomware to exfiltrate and encrypt data to be later held for ransom.

Cybernews reported a record-breaking ransom payment of $75 million to the cybercriminal gang Dark Angels, demonstrating the long and arduous battle between businesses, critical infrastructure, and ransomware gangs.

While it's one of the oldest tricks in the book, ransomware is a lucrative cybercrime method that is steadily evolving and becoming more sophisticated.

Researcher Anton Cherepanov from the global cybersecurity company ESET has discovered a new strain of ransomware called PromptLock, which uses AI from beginning to end.


While the threat is novel, ESET describes it as a “work in progress” and “not an active threat.”

Cherepanov discovered the malware strain by trawling through the online platform VirusTotal, a site where suspicious files are uploaded to check for malware.

Through VirusTotal, the researcher found PromptLock and analyzed the code to discover hidden prompts embedded within it.

The prompts were apparently hardcoded within the malware, so they are fixed and do not change across executions.


PromptLock uses these embedded prompts to send commands to gpt-oss:20b, a local version of OpenAI’s model that developers use to generate Lua scripts.

Lua scripts are lightweight and are often embedded in applications. Cybercriminals can leverage Lua scripts to execute malware, which is then used to steal victims' data or control their devices remotely.

Essentially, this new AI ransomware strain is a variation on the prompt injection attack, as it forces a large language model (LLM) to aid in ransomware attacks by disguising malicious prompts as legitimate ones to exfiltrate sensitive data.

The ESET researcher mentioned that while the prompts are the same initially, the scripts may change slightly each time the malware is launched.
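Because the prompts are fixed while the generated scripts vary between runs, static triage can key on the embedded prompt text and model tag rather than on script hashes. The following is an added example, not code from ESET or Cybernews; the keyword list, length threshold and sample bytes are assumptions constructed for illustration.

```python
import re

# Model tag named in the article; add others you want to hunt for.
MODEL_TAGS = (b"gpt-oss:20b",)
# Assumption: wording typical of an LLM instruction prompt (a heuristic, not ESET's signature).
PROMPT_WORDS = re.compile(rb"\b(you are|generate|write|script|lua|output only)\b", re.I)
# Printable runs of 40+ bytes: prompts are long sentences, unlike most symbol names.
LONG_STRING = re.compile(rb"[\x20-\x7e\t\r\n]{40,}")

def embedded_prompt_candidates(data: bytes, min_hits: int = 2):
    """Return (offset, text) for long strings that read like natural-language instructions."""
    found = []
    for m in LONG_STRING.finditer(data):
        s = m.group()
        hits = {w.lower() for w in PROMPT_WORDS.findall(s)}
        # Sentences are space-rich; paths, base64 and symbol tables are not.
        if len(hits) >= min_hits and s.count(b" ") >= len(s) // 10:
            found.append((m.start(), s.decode("ascii").strip()))
    return found

def triage(data: bytes) -> dict:
    """Flag a sample only when a model tag and a prompt-like string appear together."""
    tags = [t.decode() for t in MODEL_TAGS if t in data]
    prompts = embedded_prompt_candidates(data)
    return {"model_tags": tags, "prompts": prompts, "suspicious": bool(tags and prompts)}

# Constructed sample bytes (not taken from any real malware); the prompt is deliberately harmless.
SAMPLE_SUSPECT = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16 + b"gpt-oss:20b\x00"
    b"You are a Lua code generator. Generate a script that prints the current date. "
    b"Output only the script.\x00/lib64/ld-linux-x86-64.so.2\x00"
)
SAMPLE_BENIGN = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b"usage: backup-tool [--verbose] [--output DIR] SOURCE DEST; see the manual\x00"
)
SAMPLE_TAG_ONLY = b"\x00\x00model=gpt-oss:20b\x00\x00"  # e.g. a client config with no prompt

if __name__ == "__main__":
    for name, blob in [("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN),
                       ("tag-only", SAMPLE_TAG_ONLY)]:
        print(name, triage(blob))
```

A hit is a reason to look closer, not a verdict: legitimate tools that bundle prompts for a local model will match too.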


In addition, the malware demonstrates “non-deterministic behaviour,” meaning that it may not act the same way every time and will change depending on a user’s files.

“We believe that in the most likely scenario, the malware exfiltrates files and subsequently encrypts them using the SPECK 128-bit encryption algorithm,” the ESET researcher said.

While this may be the first instance of AI malware in the wild, researchers said it's not a real threat at present.

However, it does raise alarm bells, as AI is being increasingly used to launch attacks and will likely be used more and more by cybercriminals in the future.


“For the public, this means that ransomware will likely become more sophisticated, faster spreading, and harder to detect,” Cherepanov said in a question-and-answer session with ESET.

“Attacks could target not just large organizations but also individuals, small businesses, and even critical infrastructure. The average person may face higher risks of data theft, financial loss, and service disruptions. This makes cybersecurity awareness, regular backups, and stronger digital hygiene more important than ever.”

While this does sound alarming, Dirk Schrader, VP of Security Research at Netwrix, has said that the discovery of PromptLock is a reason neither to panic nor to relax.


“The rise of AI-powered ransomware is not a reason to panic or rip out defenses. It is a reminder that the fundamentals of security still matter, though they now need AI-aware adjustments.”

“The bottom line is neither panic nor complacency. AI will make ransomware evolve faster and harder to detect. Organizations that focus on identity, data minimization, and behavior-based detection, and that treat AI services as assets to control, will be in a stronger position to keep pace with this new wave,” Schrader concludes.