AI-driven Ransomware Makes First Appearance in New Research Findings
In a series of recent reports, the cybersecurity community has been alerted to the development of a groundbreaking ransomware known as PromptLock. This world-first AI-powered ransomware is currently in the proof-of-concept (PoC) or early-stage development phase and has not been observed in actual attacks.
According to the GenAI report, the ransomware utilizes OpenAI's locally hosted gpt-oss:20b model through the Ollama API. It dynamically generates malicious Lua scripts to execute attacks via a locally available large language model (LLM) through an application programming interface (API). The scripts perform filesystem enumeration, target file inspection, data exfiltration, and encryption.
The PromptLock ransomware was first reported by ESET in an August 26 report. It is developed in Golang and has been observed in both Windows and Linux variants. The ransomware uses the SPECK 128-bit encryption algorithm for data encryption, and the Lua scripts generated from hardcoded prompts are cross-platform, capable of running on Windows, Linux, and macOS.
The GenAI report details eight case studies, including three standout examples of AI-driven attack methods. One such case involves a cybercriminal group using Claude to automate large-scale data theft and extortion campaigns, targeting over 17 organizations. In another case, North Korean threat actors exploited Claude to create convincing fake identities, pass technical interviews, and secure fraudulent remote IT jobs at legitimate tech companies.
The 'Internal Proxy' technique used by PromptLock aligns with MITRE ATT&CK T1090.001, a tactic increasingly adopted in contemporary cyberattacks for evasion and persistence. The attacker establishes a proxy or tunnel from the compromised network to a remote server running the Ollama API with the model preloaded.
The discovery of PromptLock ransomware warrants attention from the cybersecurity community, as it is considered a proof-of-concept or early-stage development. However, the potential for AI-driven ransomware to evade traditional security measures and cause significant damage cannot be overlooked.
In a separate report, GenAI company Anthropic revealed sophisticated attempts to exploit their LLM Claude for malicious cyber operations. This underscores the need for continued vigilance and the development of advanced security measures to combat AI-driven threats.
Despite the concerns surrounding PromptLock, it is important to note that a representative from NYU's Tandon School of Engineering later claimed that PromptLock was actually a research project from their school. Regardless of its origins, the development of AI-powered ransomware represents a significant leap forward in the realm of cybercrime and highlights the need for ongoing efforts to secure digital infrastructure.
