Full Report
The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats
Analysis Summary
# Tool/Technique: PromptLock
## Overview
PromptLock is described as the "first known AI-powered ransomware." Its primary feature is its ability to leverage locally run AI models (specifically `gpt-oss-20b` via the Ollama API) to dynamically generate malicious Lua scripts on the fly. These scripts are used to perform file enumeration, inspection, data exfiltration, and encryption operations. While discovered as a potential proof-of-concept (PoC) or work in progress, it signals a future trend where AI accelerates the speed and scale of ransomware operations.
## Technical Details
- Type: Malware family (Ransomware)
- Platform: Windows and Linux (variants identified on VirusTotal)
- Capabilities: Utilizes local LLMs to generate Lua scripts for filesystem interaction, data exfiltration, and encryption. Written in Golang.
- First Seen: Discovered in August 2025 by ESET Research.
## MITRE ATT&CK Mapping
*Note: Specific, granular mappings were not provided in the text. These are inferred based on the described functionality.*
- TA0011 - Command and Control
  - T1071 - Application Layer Protocol
- TA0010 - Exfiltration
  - T1041 - Exfiltration Over C2 Channel
- TA0005 - Defense Evasion
  - T1027 - Obfuscated Files or Information (via dynamic script generation)
- TA0003 - Persistence (Potential for future implementation)
- TA0004 - Privilege Escalation (Potential for future implementation)
## Functionality
### Core Capabilities
- **AI-Driven Script Generation:** Uses hard-coded prompts to instruct the local `gpt-oss-20b` LLM (via Ollama API) to generate functional Lua scripts.
- **Filesystem Enumeration and Inspection:** Executes generated Lua scripts to map and identify target files on the system.
- **Data Exfiltration:** Capability exists to exfiltrate selected data prior to encryption.
- **Encryption:** Core ransomware functionality for encrypting target data.
- **Cross-Platform:** Written in Golang, resulting in both Windows and Linux variants.
### Advanced Features
- **Local LLM Integration:** Executes AI logic locally, potentially reducing reliance on direct external C2 contact for core operational logic generation.
- **Dynamic Payload Creation:** Creates execution components (Lua scripts) on the fly based on internal reasoning/prompts, which may complicate signature-based detection.
- **Destruction Capability (Potential):** The article notes the malware *could* destroy data, though this functionality was not yet implemented in the identified sample.
## Indicators of Compromise
*Note: Specific IOCs were not provided in the summary text, as the malware is considered a PoC not seen in the wild.*
- File Hashes: [Not provided]
- File Names: [Not provided]
- Registry Keys: [Not provided]
- Network Indicators: [Exfiltration mechanisms are implied but not detailed/defanged]
- Behavioral Indicators: Execution of dynamically generated Lua scripts originating from a Golang binary; communication with a local Ollama API instance to execute the `gpt-oss-20b` model.
## Associated Threat Actors
- PromptLock is currently identified as a proof-of-concept or work in progress by ESET researchers. No specific threat actor group has been publicly associated with its deployment yet.
## Detection Methods
- Signature-based detection: Likely requires signatures targeting the Golang binary structure and specific dropped Lua scripts/execution chains.
- Behavioral detection: Monitoring for Golang processes dynamically executing Lua scripts, especially those invoking local API calls related to LLMs or file system manipulation at scale.
- YARA rules: Could focus on strings related to the hard-coded prompts or API wrappers used to interface with the Ollama service.
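
The behavioral correlation described above can be sketched as follows. This is an added example, not code from ESET or the original report: it flags a process that calls a local Ollama API from outside an allowlist and then modifies many files shortly afterwards. The event schema, the allowlist path, and the thresholds are assumptions, and the telemetry is constructed.

```python
from collections import defaultdict

OLLAMA_PORT = 11434   # Ollama's default API port; adjust if your hosts differ
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
ALLOWED_CLIENTS = {"/opt/approved/chat-ui"}   # hypothetical allowlist of sanctioned LLM clients
WINDOW_S = 120        # assumed: how long after the LLM call file activity is attributed to it
BURST_MIN = 5         # assumed: distinct files modified that counts as "at scale"

# Constructed sample telemetry; the field names are hypothetical, not any EDR's schema.
EVENTS = (
    [{"ts": 100, "pid": 41, "image": "/opt/approved/chat-ui", "type": "net",
      "dst": "127.0.0.1", "port": 11434},
     {"ts": 105, "pid": 41, "image": "/opt/approved/chat-ui", "type": "file_write",
      "path": "/home/u/.cache/chat.db"},
     {"ts": 200, "pid": 77, "image": "/tmp/updater", "type": "net",
      "dst": "127.0.0.1", "port": 11434}]
    # pid 77: burst of writes right after the local LLM call
    + [{"ts": 210 + i, "pid": 77, "image": "/tmp/updater", "type": "file_write",
        "path": f"/home/u/docs/file{i}.docx"} for i in range(6)]
    # pid 90: a backup job that writes many files but never talks to the LLM
    + [{"ts": 300 + i, "pid": 90, "image": "/usr/bin/backup", "type": "file_write",
        "path": f"/backup/chunk{i}"} for i in range(20)]
)

def detect_chain(events, window_s=WINDOW_S, burst_min=BURST_MIN):
    """Return pids that called the local LLM API and then modified many files."""
    llm_call = {}                # pid -> time of first non-allowlisted local LLM call
    touched = defaultdict(set)   # pid -> distinct paths written inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        pid = ev["pid"]
        if ev["type"] == "net":
            if (ev["dst"] in LOOPBACK and ev["port"] == OLLAMA_PORT
                    and ev["image"] not in ALLOWED_CLIENTS):
                llm_call.setdefault(pid, ev["ts"])
        elif ev["type"] == "file_write" and pid in llm_call:
            if ev["ts"] - llm_call[pid] <= window_s:
                touched[pid].add(ev["path"])
    return sorted(p for p, paths in touched.items() if len(paths) >= burst_min)

if __name__ == "__main__":
    print(detect_chain(EVENTS))
```

Production telemetry would key on a stable process identifier rather than a bare pid and would also follow child processes, since a reused pid or a spawned helper would otherwise break the correlation.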
## Mitigation Strategies
- **Application Whitelisting:** Restricting the execution of unusual scripting languages like Lua, especially from unconventional locations or processes.
- **Restrict External Tool Invocation:** Monitoring and restricting the execution of tools like Ollama, if they are not standard enterprise assets.
- **Endpoint Detection and Response (EDR):** Implementing advanced behavioral monitoring to catch the chain of events: Golang binary -> LLM invocation -> Dynamic script generation -> File system tampering/exfiltration.
- **Principle of Least Privilege:** Limiting user and process access rights to reduce the scope of files that can be enumerated, exfiltrated, or encrypted.
## Related Tools/Techniques
- AI-assisted phishing campaigns (using LLMs to generate content).
- Previous Golang-based ransomware families.
- Use of legitimate system utilities (Living off the Land) to facilitate execution, often seen in modern threats.