A New Era of Cyber Threats

ESET Research has uncovered a groundbreaking development in the world of cybercrime: PromptLock, the first known ransomware powered by artificial intelligence. This proof-of-concept malware represents a major shift in how ransomware is created and deployed, using AI to dynamically generate malicious scripts that adapt to their environment.

What Is PromptLock?

PromptLock uses a locally hosted AI model—gpt-oss-20b via the Ollama API—to generate Lua scripts that:

  • Scan and analyse the local filesystem
  • Identify and exfiltrate sensitive data
  • Encrypt targeted files

Written in Golang, PromptLock is cross-platform, with variants for both Windows and Linux. Although it hasn’t yet been seen in active attacks, its capabilities signal a future where AI-driven ransomware becomes increasingly common.

Why AI Matters in Ransomware

AI allows malware to:

  • Automate complex tasks
  • Adapt to different environments
  • Evade traditional detection methods
  • Scale attacks with minimal human input

This lowers the barrier for cybercriminals, enabling even low-skilled actors to deploy sophisticated threats.

The Bigger Picture: AI in Cybercrime

PromptLock is part of a broader trend highlighted in ESET’s H1 2025 Threat Report. Other emerging threats include:

  • ClickFix and FakeCaptcha: New social engineering tactics
  • Malware disguised as AI tools: Fake ChatGPT and Midjourney apps used to deliver ransomware and info-stealers
  • Ransomware turf wars: Gangs turning on each other in a bid for dominance

How CyberProtect Helps You Stay Safe

At CyberProtect, we offer advanced cybersecurity services designed to protect your business from threats like PromptLock and beyond.

Dark Web Monitoring

We proactively scan the dark web for leaked credentials, sensitive data, and emerging threats targeting your organization. If we find anything, you’re alerted immediately with expert guidance on next steps.

Managed Detection & Response (MDR)

Our MDR service provides 24/7 monitoring, threat detection, and rapid response—powered by AI-enhanced analytics to catch threats early and stop them fast.

Vulnerability Scanning

One of the most effective ways to prevent ransomware is to identify and fix weaknesses before attackers exploit them. Our vulnerability scanning service:

  • Detects outdated software, misconfigurations, and exposed services
  • Prioritizes risks based on severity and exploitability
  • Provides actionable remediation guidance
  • Helps maintain compliance with industry standards

By regularly scanning your systems, you reduce the attack surface and make it significantly harder for ransomware—AI-powered or otherwise—to gain a foothold.

Security Awareness Training

We equip your team with the knowledge to recognize phishing, social engineering, and other ransomware delivery methods—reducing human error and strengthening your first line of defense.

Final Thoughts

PromptLock may be a prototype today, but it’s a clear sign of what’s coming. AI-powered ransomware is no longer science fiction—it’s a real and growing threat. With CyberProtect, you can stay one step ahead, protecting your business with intelligent, proactive cybersecurity solutions.

Related Posts

Get a free consultation.

Office

Communico House, Vale Road, Heaton Mersey, Stockport, SK4 3QR

Email us

info@cyberprotect.tech
support@cyberprotect.tech

Call us

0161 442 2603