First of a kind Ransomware with an AI Engine discovered by researchers – Matthew Griffin | Keynote Speaker & Master Futurist

First of a kind Ransomware with an AI Engine discovered by researchers

WHY THIS MATTERS IN BRIEF

Ransomware is already a scourge on businesses, but now it’s got a major AI upgrade to make it harder to spot and defeat.

 


It was probably inevitable: analysts have spotted the first known ransomware strain powered by artificial intelligence. ESET malware researchers Anton Cherepanov and Peter Strycek discovered the emerging strain, which they have named “PromptLock.” Although it has not yet been observed in active cyberattacks, the researchers said the PromptLock ransomware appears to be under development and nearly ready to be unleashed onto the threat landscape.

 

While threat actors have used generative AI tools to develop malware, PromptLock appears to be the first case of ransomware that uses an AI model as its engine. In a post on LinkedIn, Cherepanov reported that PromptLock runs the gpt-oss:20b model from OpenAI locally through the Ollama API, which lets it create new scripts on the fly and in real time.

In the LinkedIn post, Cherepanov said the ransomware script is currently able to exfiltrate files and encrypt data, and it’s in the process of being upgraded to destroy files.

 

“While multiple indicators suggest that the sample is a proof-of-concept (PoC) or a work-in-progress rather than an operational threat in the wild, we believe it is crucial to raise awareness within the cybersecurity community about such emerging risks,” he added.

In a statement, the ESET researchers explained how the AI-driven ransomware could pose problems for defenders: “PromptLock uses Lua scripts generated by AI, which means that indicators of compromise (IoCs) may vary between executions,” the statement said. “This variability introduces challenges for detection. If properly implemented, such an approach could significantly complicate threat identification and make defenders’ tasks more difficult.”
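
Because the generated Lua scripts differ between runs, a steadier signal for defenders is the model call itself. The sketch below is an added example, not code from ESET or the original article: it hunts constructed log events for processes outside an allowlist that call the Ollama API. The event schema, allowlist, host names and process names are assumptions made for illustration.

```python
import json

# Ollama's default listen port and generation endpoints (the port is configurable).
OLLAMA_PORT = 11434
OLLAMA_PATHS = ("/api/generate", "/api/chat")

# Assumption: processes this environment expects to query a local model.
APPROVED_CLIENTS = {"ollama", "ollama.exe"}

# Constructed sample events in a hypothetical EDR/proxy schema, one JSON object per line.
SAMPLE_EVENTS = """\
{"host":"ws-014","process":"ollama.exe","dst_port":11434,"path":"/api/generate","model":"llama3:8b"}
{"host":"ws-022","process":"updater.exe","dst_port":11434,"path":"/api/generate","model":"gpt-oss:20b"}
{"host":"ws-022","process":"chrome.exe","dst_port":443,"path":"/index.html","model":null}
{"host":"srv-03","process":"svc_helper","dst_port":11434,"path":"/api/chat","model":"gpt-oss:20b"}
not-json garbage line
"""


def hunt(lines, approved=APPROVED_CLIENTS):
    """Return (host, process, model) for unapproved processes calling the Ollama API."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the hunt
        if not isinstance(ev, dict):
            continue
        if ev.get("dst_port") != OLLAMA_PORT:
            continue
        if not str(ev.get("path", "")).startswith(OLLAMA_PATHS):
            continue
        proc = str(ev.get("process", "")).lower()
        if proc in approved:
            continue  # expected client; the script content is irrelevant to this check
        hits.append((ev.get("host"), proc, ev.get("model")))
    return hits


if __name__ == "__main__":
    for host, proc, model in hunt(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT host={host} process={proc} model={model}")
```

The check keys on which process is talking to the model endpoint, so it does not depend on any hash or string from the generated scripts.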

 

Cherepanov and Strycek will continue to dig in on PromptLock but wanted to alert cyber defenders quickly to the threat. In fact, Cherepanov said they shared their findings on social media just 18 hours after samples of the ransomware strain were picked up on VirusTotal.

“We don’t know who created the malware, but we do know that it was uploaded to VirusTotal from the United States,” the ESET researchers said in a statement.

In a series of posts on social media platform X, ESET noted that PromptLock is written in the Go programming language and that variants for Windows and Linux systems were both uploaded to VirusTotal. Additionally, ESET noted that the ransomware’s Bitcoin address for payments appears to belong to the mysterious Bitcoin creator Satoshi Nakamoto.

 

AI tools are currently being widely used by threat actors to create compelling phishing content and malicious sites, but applying the technology to power bespoke ransomware in real time presents an entirely new challenge for defenders.

“The rise of AI-powered malware represents a new frontier in cybersecurity,” Cherepanov said. “By sharing these findings, we hope to spark discussion, preparedness, and further research across the industry.”
