By Gigabit Systems, August 27, 2025 • 20 min read
First AI-Powered Ransomware “PromptLock” Discovered Using Local Large Language Model
Security researchers have identified what they describe as the first known ransomware to incorporate generative AI. The malware, named PromptLock, drives a large language model (LLM) at run time to write the scripts it then executes, so the code that lands on a victim differs from one run to the next. That variability makes signature-based detection and mitigation considerably harder.
How It Works:
Local AI Execution: PromptLock sends its prompts to OpenAI's open-weight gpt-oss:20b model through the Ollama API rather than to a hosted AI service. Because no request ever reaches a commercial provider's cloud API, defenders cannot rely on provider-side logging or on egress monitoring of known AI endpoints to spot it.
Dynamic Script Generation: Prompts hard-coded in the malware ask the model for Lua scripts, which are generated at run time and executed immediately. The resulting scripts perform their tasks on Windows, macOS, and Linux hosts.
Ransomware Capabilities:
Scans and enumerates the local file system
Exfiltrates selected files
Encrypts files based on specific criteria
(Destructive functionality is referenced in the code but not yet implemented)
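The detection angle that follows from the description above is correlation: a process that requests a completion from a locally reachable Ollama endpoint and, shortly afterwards, renames or rewrites many files is behaving like PromptLock regardless of what the generated Lua looks like. The script below is an added example, not PromptLock's code or anything from the researchers; the JSON event schema is a hypothetical EDR export whose field names are assumptions, and the telemetry is constructed. The default Ollama port (11434) and its completion endpoints are the only real-world values used.

```python
"""Added example (not PromptLock's code): correlate a process's request to a local
Ollama completion endpoint with bulk file renames from the same process shortly
after. The JSON event schema is a hypothetical EDR export; field names are assumptions."""
import json
from datetime import datetime, timedelta

OLLAMA_PORT = 11434                                  # Ollama's default listening port
COMPLETION_PATHS = ("/api/generate", "/api/chat")   # Ollama endpoints that return model output
RENAME_THRESHOLD = 5                                 # deliberately low for the demo; tune per estate
WINDOW = timedelta(minutes=10)


def parse_events(lines):
    """One JSON object per line; blank lines are ignored."""
    return [json.loads(line) for line in lines if line.strip()]


def find_llm_driven_lockers(events, rename_threshold=RENAME_THRESHOLD, window=WINDOW):
    """Return {pid: details} for processes that requested a model completion from
    Ollama and then renamed at least `rename_threshold` files within `window`."""
    per_pid = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        p = per_pid.setdefault(ev["pid"], {"image": ev["image"], "llm_calls": [], "renames": []})
        if (ev["type"] == "net_connect" and ev.get("dport") == OLLAMA_PORT
                and ev.get("http_path") in COMPLETION_PATHS):
            p["llm_calls"].append(datetime.fromisoformat(ev["ts"]))
        elif ev["type"] == "file_rename":
            p["renames"].append((datetime.fromisoformat(ev["ts"]), ev["new_path"]))

    hits = {}
    for pid, p in per_pid.items():
        for call in p["llm_calls"]:
            # only renames that happen after the model was consulted count
            after = [r for r in p["renames"] if call <= r[0] <= call + window]
            if len(after) >= rename_threshold:
                hits[pid] = {
                    "image": p["image"],
                    "llm_call": call.isoformat(),
                    "renames": len(after),
                    "new_extensions": sorted({path.rsplit(".", 1)[-1] for _, path in after}),
                }
                break
    return hits


def _ev(ts, pid, image, **fields):
    return dict(ts=ts, pid=pid, image=image, **fields)


# Constructed telemetry, not real PromptLock events.
_sample = [
    # pid 4242: unknown binary asks Ollama for a completion, then mass-renames documents
    _ev("2025-08-27T10:00:00", 4242, "/tmp/.cache/svc", type="net_connect",
        dst="127.0.0.1", dport=OLLAMA_PORT, http_path="/api/generate"),
    # pid 1717: an IDE assistant also talks to Ollama but touches no files
    _ev("2025-08-27T10:00:30", 1717, "/usr/bin/code", type="net_connect",
        dst="127.0.0.1", dport=OLLAMA_PORT, http_path="/api/chat"),
]
for i in range(6):
    _sample.append(_ev(f"2025-08-27T10:02:{i:02d}", 4242, "/tmp/.cache/svc", type="file_rename",
                       path=f"/home/alice/docs/report{i}.docx",
                       new_path=f"/home/alice/docs/report{i}.docx.locked"))
    # pid 999: a backup tool renames just as many files but never called the model
    _sample.append(_ev(f"2025-08-27T10:03:{i:02d}", 999, "/usr/bin/rsync", type="file_rename",
                       path=f"/home/alice/docs/report{i}.docx",
                       new_path=f"/backup/report{i}.docx.bak"))
SAMPLE_LOG_LINES = [json.dumps(e) for e in _sample]

if __name__ == "__main__":
    for pid, info in find_llm_driven_lockers(parse_events(SAMPLE_LOG_LINES)).items():
        print(pid, info)
```

Only pid 4242 fires: the IDE process consulted the model but renamed nothing, and the backup tool renamed files without consulting the model. If the Ollama server sits on another host behind a tunnel or proxy, swap the `dport` check for your proxy's logs; the port is a default, not a constant.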
Why Lua?
Lua is better known from game engines and lightweight plugin systems, but it is a small, general-purpose, embeddable scripting language with interpreters for every major desktop platform, which suits a payload that must run on Windows, macOS, and Linux alike. The variability, however, comes from the model rather than the language: an LLM's output is non-deterministic, so the same hard-coded prompt can yield a differently structured script on every run. Each instance therefore has a different hash and layout, which defeats static signatures and complicates simple heuristic rules.
Evasion Tactics:
By generating its scripts on the fly, PromptLock leaves no consistent file-level signature for antivirus engines to match. Endpoint protection that leans on static signatures, Microsoft Defender included, may miss a given instance because the Lua it runs is unique to that run. What does not vary is the behaviour: the hard-coded prompts are still present in the malware binary, the process still talks to an Ollama endpoint (port 11434 by default), and every generated script still enumerates the file system, reads and rewrites files in bulk and removes the originals. Behavioural, process-lineage and network-based detection therefore remain effective against it.
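To make the point of the two sections above concrete (why the scripts differ, and why that only beats static matching), here is an added example that is not PromptLock's code or the researchers' tooling. Two constructed Lua scripts do the same job with different names, layout and listing commands, as regenerated variants would; their SHA-256 hashes differ, but a capability extractor that ignores identifiers sees the same five behaviours in both and not in a benign build script. The regexes are illustrative heuristics, the "encryption" in the samples is a trivial byte shift standing in for the real thing, and nothing here is a real PromptLock script.

```python
"""Added example (not PromptLock's code): hash-based versus capability-based
matching over constructed Lua variants. Regexes are illustrative heuristics."""
import hashlib
import re

# Constructed sample, not a real PromptLock script. The byte shift stands in for encryption.
VARIANT_A = r"""
-- pass 1: lock every document under /home
local p = io.popen('find /home -type f -name "*.docx"')
for path in p:lines() do
  local f = io.open(path, "rb"); local data = f:read("*a"); f:close()
  local out = {}
  for i = 1, #data do out[i] = string.char((string.byte(data, i) + 7) % 256) end
  local g = io.open(path .. ".locked", "wb"); g:write(table.concat(out)); g:close()
  os.remove(path)
end
"""

# Same job, regenerated: helper function, other names, other listing command.
VARIANT_B = r"""
--[[ lock documents in the shared folder ]]
local function scramble(buf)
  local t = {}
  for k = 1, #buf do t[#t + 1] = string.char((buf:byte(k) + 7) % 256) end
  return table.concat(t)
end
local listing = io.popen("ls /Users/shared/docs/*.docx")
for target in listing:lines() do
  local h = io.open(target, "rb")
  if h then
    local blob = h:read("*a"); h:close()
    local w = io.open(target .. ".locked", "wb"); w:write(scramble(blob)); w:close()
    os.remove(target)
  end
end
"""

# A harmless script that also reads and writes files, to check for false positives.
BENIGN_BUILD_SCRIPT = r"""
-- build helper: record the version that was just built
local cfg = io.open("build.cfg", "r")
local version = cfg:read("*l"); cfg:close()
local log = io.open("build.log", "a")
log:write(os.date() .. " built " .. version .. "\n"); log:close()
"""

# Each capability is recognised by any of its patterns; names and layout are irrelevant.
CAPABILITIES = {
    "enumerate_fs":    [r"\bio\.popen\s*\(\s*['\"](?:find|ls|dir)\b", r"\blfs\.dir\s*\("],
    "read_file":       [r"\bio\.open\s*\([^)]*['\"]rb?['\"]"],
    "write_file":      [r"\bio\.open\s*\([^)]*['\"]wb?['\"]"],
    "delete_original": [r"\bos\.remove\s*\("],
}
# A byte-level transform needs both a byte read and a char rebuild, in either syntax.
BYTE_READ = re.compile(r"(?:string\.|:)byte\s*\(")
CHAR_BUILD = re.compile(r"\bstring\.char\s*\(")
LOCKER_CAPS = {"enumerate_fs", "read_file", "byte_transform", "write_file", "delete_original"}


def sha256_hex(src):
    """The kind of value a static signature would match on."""
    return hashlib.sha256(src.encode()).hexdigest()


def capabilities(src):
    """Set of behaviours present in a Lua source, independent of identifiers and order."""
    found = {name for name, pats in CAPABILITIES.items() if any(re.search(p, src) for p in pats)}
    if BYTE_READ.search(src) and CHAR_BUILD.search(src):
        found.add("byte_transform")
    return frozenset(found)


def looks_like_file_locker(src, min_caps=4):
    """Flag a script that shows most of the enumerate/read/transform/write/delete chain."""
    return len(capabilities(src) & LOCKER_CAPS) >= min_caps


if __name__ == "__main__":
    for name, src in [("A", VARIANT_A), ("B", VARIANT_B), ("benign", BENIGN_BUILD_SCRIPT)]:
        print(name, sha256_hex(src)[:16], sorted(capabilities(src)), looks_like_file_locker(src))
```

A hash list built from variant A never matches variant B, while the capability set is identical for both and reduces to a single read on the build script. The same idea carries over to run-time telemetry: the sequence of file-system calls a script makes is what to alert on, not the text of the script.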
Implications:
Using a locally reachable model for malicious code generation marks a new phase in threat tooling. It undermines defences that depend on matching known patterns and on centralized threat-intelligence feeds of hashes and signatures, and it pushes detection toward behaviour, process lineage and network telemetry, which a regenerated script cannot change.