Full Report
Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems. [...]
Analysis Summary
# Tool/Technique: PromptLock Ransomware
## Overview
PromptLock is an experimental, AI-powered ransomware discovered in a proof-of-concept stage. It is notable for leveraging OpenAI’s gpt-oss:20b large language model (LLM) via the Ollama API to dynamically generate malicious Lua scripts used for file enumeration, inspection, exfiltration, and encryption across multiple operating systems.
## Technical Details
- Type: Malware family (Ransomware)
- Platform: Windows, macOS, Linux
- Capabilities: Cross-platform encryption, dynamic script generation via LLM, data exfiltration planning.
- First Seen: Discovered on VirusTotal (Reported August 27, 2025).
## MITRE ATT&CK Mapping
Since the tool is experimental and its full deployment capabilities are not confirmed, the mapping focuses on its demonstrated functionality:
- **TA0005 - Defense Evasion**
  - T1027 - Obfuscated Files or Information (Dynamic script generation can serve this purpose)
- **TA0009 - Collection**
  - T1005 - Data from Local System (File enumeration)
- **TA0010 - Exfiltration**
  - T1041 - Exfiltration Over C2 Channel (Implied by data exfiltration functionality)
- **TA0011 - Command and Control**
  - T1090 - Proxy (Implied by connecting to the LLM server via a proxy tunnel)
- **TA0012 - Impact**
  - T1486 - Data Encrypted for Impact (File encryption)
## Functionality
### Core Capabilities
- **LLM Integration:** Executes instructions by connecting via a proxy tunnel to a remote server hosting the LLM (gpt-oss:20b via Ollama API).
- **Dynamic Script Generation:** Uses hard-coded prompts to instruct the LLM to generate necessary malicious Lua scripts for operations like file enumeration and encryption.
- **Cross-Platform Operation:** Written in Golang, enabling functionality on Windows, macOS, and Linux.
- **Encryption:** Employs the SPECK 128-bit algorithm for file encryption (noted as an unusual and relatively weak choice).
### Advanced Features
- **AI-Driven Workflow:** The reliance on an LLM to generate execution scripts dynamically signifies an evolution in attack workflows, offering operational flexibility.
- **Data Destruction (Planned):** The researchers noted functionality for data destruction was present in the design but not yet implemented.
## Indicators of Compromise
- File Hashes: Not specified
- File Names: Not specified
- Registry Keys: Not specified
- Network Indicators: Connection through a proxy tunnel to a remotely hosted LLM server. Specific IPs/domains: Not specified.
- Behavioral Indicators: Use of Ollama API access, execution of dynamically generated Lua scripts, use of the Go language runtime.
## Associated Threat Actors
- None definitively linked, as it appears to be a proof-of-concept or leaked project.
- *Note: The article mentions **LameHug**, an LLM-powered tool believed to be deployed by Russian hackers of the **APT28** group, as a comparable, deployed example of LLM weaponization.*
## Detection Methods
- Signature-based detection: Not specified, but would likely involve signatures for the Golang executable or known Lua script structures.
- Behavioral detection: Monitor outbound network connections to LLM hosting services and unexpected API usage patterns, especially where the process involved is generating code or scripts.
- YARA rules: Not specified
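
The behavioral check described above, as an added example (not code from the original report or from the researchers): a Python filter over constructed proxy/EDR events that flags requests to Ollama's generation endpoints (`/api/generate`, `/api/chat`) from processes outside an allowlist. The event schema, process names, allowlist, timestamps and addresses are assumptions made for illustration.

```python
import ipaddress
import json

OLLAMA_PATHS = ("/api/generate", "/api/chat")  # Ollama REST generation endpoints
# Assumption: processes expected to call an LLM API in this environment.
ALLOWED_PROCESSES = {"ollama", "python3"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events in a hypothetical schema, one JSON object per line.
SAMPLE_LOG = """
{"ts": "2025-01-01T10:00:00Z", "process": "ollama", "dest_ip": "127.0.0.1", "dest_port": 11434, "path": "/api/generate"}
{"ts": "2025-01-01T10:00:05Z", "process": "invoice_viewer", "dest_ip": "203.0.113.10", "dest_port": 11434, "path": "/api/generate"}
{"ts": "2025-01-01T10:00:09Z", "process": "chrome", "dest_ip": "198.51.100.7", "dest_port": 443, "path": "/index.html"}
{"ts": "2025-01-01T10:00:12Z", "process": "updater", "dest_ip": "10.0.0.5", "dest_port": 8080, "path": "/api/chat"}
not-json garbage line
"""

def is_internal(dest_ip):
    """True for loopback/RFC 1918 destinations; unparsable values count as external."""
    try:
        ip = ipaddress.ip_address(dest_ip)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def find_unexpected_llm_calls(log_text, allowed=ALLOWED_PROCESSES):
    """Return Ollama API requests made by processes outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines
        if not isinstance(ev, dict) or ev.get("process") in allowed:
            continue
        if not str(ev.get("path", "")).startswith(OLLAMA_PATHS):
            continue
        # A direct external destination is the stronger signal; an internal one
        # may still be the local end of a tunnel, so it is kept at lower severity.
        severity = "medium" if is_internal(ev.get("dest_ip", "")) else "high"
        findings.append({"ts": ev.get("ts"), "process": ev.get("process"),
                         "dest": f'{ev.get("dest_ip")}:{ev.get("dest_port")}',
                         "severity": severity})
    return findings
```

Matching on the API path rather than the port keeps the check useful when the traffic is tunneled to a non-default port; the allowlist needs tuning per environment.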
## Mitigation Strategies
- **Network Monitoring:** Monitor for unusual outbound traffic destined for remote LLM endpoints, especially if associated with internal processes typically not making such calls.
- **Application Control:** Restrict or monitor the execution of dynamic code generation or interpretation tools/scripts (like Lua) initiated by unexpected processes.
- **Endpoint Security:** Maintain updated Endpoint Detection and Response (EDR) solutions capable of tracking process lineage and dynamic script execution.
- **Cipher Review:** Because PromptLock uses SPECK 128-bit, security teams might flag systems that show known artifacts of this encryption method.
## Related Tools/Techniques
- **LameHug:** Another LLM-powered malware that uses Hugging Face API and Alibaba’s Qwen-2.5-Coder-32B to generate shell commands on the fly, demonstrating a similar trend in AI-assisted attacks.
- **AI/LLM Weaponization:** The broader technique demonstrated by PromptLock and LameHug.