A New Era of Cyber Threats

ESET Research has uncovered a groundbreaking development in the world of cybercrime: PromptLock, the first known ransomware powered by artificial intelligence. This proof-of-concept malware represents a major shift in how ransomware is created and deployed, using AI to dynamically generate malicious scripts that adapt to their environment.

What Is PromptLock?

PromptLock uses a locally hosted AI model—gpt-oss-20b via the Ollama API—to generate Lua scripts that:

  • Scan and analyse the local filesystem

  • Identify and exfiltrate sensitive data

  • Encrypt targeted files

Written in Golang, PromptLock is cross-platform, with variants for both Windows and Linux. Although it hasn’t yet been seen in active attacks, its capabilities signal a future where AI-driven ransomware becomes increasingly common.

Why AI Matters in Ransomware

AI allows malware to:

  • Scan and analyse the local filesystem

  • Identify and exfiltrate sensitive data

  • Encrypt targeted files

This lowers the barrier for cybercriminals, enabling even low-skilled actors to deploy sophisticated threats.

The Bigger Picture: AI in Cybercrime

PromptLock is part of a broader trend highlighted in ESET’s H1 2025 Threat Report. Other emerging threats include:

  • Automate complex tasks

  • Adapt to different environments

  • Evade traditional detection methods

  • Scale attacks with minimal human input

This lowers the barrier for cybercriminals, enabling even low-skilled actors to deploy sophisticated threats.

How CyberProtect Helps You Stay Safe

At CyberProtect, we provide advanced cybersecurity services to protect your business from ransomware attacks like PromptLock and many others.

Dark Web Monitoring

We scan the dark web for leaked credentials, stolen data and new threats linked to your organisation. If we find anything, you get an immediate alert along with expert advice on what to do next.

Managed Detection & Response (MDR)

Our MDR service offers 24/7 monitoring and rapid response. Using AI-driven analytics, we detect suspicious activity early and stop threats before they spread.

Vulnerability Scanning

The best way to prevent ransomware is to close security gaps before attackers find them. Our scanning service:

  • Finds outdated software, misconfigurations and exposed services

  • Prioritises risks by severity and likelihood of attack.

  • Provides clear, step-by-step remediation guidance.

  • Supports compliance with key industry standards.

Regular scanning reduces your attack surface and makes it much harder for ransomware. Whether AI generated or not.

Security Awareness Training

People are often the first line of defence. We train your team to spot phishing, social engineering and other ransomware delivery methods. With greater awareness, your staff can avoid common mistakes and protect your business from attacks.

Final Thoughts

PromptLock may be a prototype today, but it’s a clear sign of what’s coming. AI-powered ransomware is no longer science fiction—it’s a real and growing threat. With CyberProtect, you can stay one step ahead, protecting your business with intelligent, proactive cybersecurity solutions.

Don’t wait for a breach to expose vulnerabilities in your system.

Contact APH today to schedule a comprehensive cybersecurity assessment and fortify your defences against potential threats.

Related Posts

Get a free consultation.

Office

Communico House, Vale Road, Heaton Mersey, Stockport, SK4 3QR

Email us

info@cyberprotect.tech
support@cyberprotect.tech

Call us

0161 442 2603