AI-powered ransomware PromptLock discovered

Researchers identified a new AI-powered ransomware variant named PromptLock, written in Golang. This ransomware uses OpenAI's gpt-oss:20b model via the Ollama API to generate malicious Lua scripts in real time, enabling it to enumerate files, exfiltrate data, and encrypt systems across Windows, Linux, and macOS.

PromptLock creates custom ransom notes based on affected files and targets various systems, including personal computers and company servers. Although the creator remains unknown, artifacts were uploaded to VirusTotal from the U.S. on August 25, 2025.

As a proof-of-concept, PromptLock employs the SPECK 128-bit encryption algorithm and introduces variability in indicators of compromise (IoCs), complicating detection. This development underscores how AI is empowering cybercriminals, even those with limited skills, to execute sophisticated attacks.
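Because the generated scripts and resulting indicators vary, a behavioural signal is more stable for defenders: an unexpected process calling Ollama's generation endpoints. The sketch below is an added example, not code from the researchers or from this page; the event schema, process names and allowlist are assumptions, and the port (11434) and endpoint paths are Ollama's defaults rather than details reported for PromptLock.

```python
import json

# Ollama's default listener port and its text-generation endpoints.
OLLAMA_PORT = 11434
OLLAMA_PATHS = {"/api/generate", "/api/chat"}
# Assumption: binaries this (hypothetical) environment expects to talk to Ollama.
ALLOWED_PROCESSES = {"ollama", "code"}

# Constructed sample telemetry (process + HTTP request), not from a real incident.
SAMPLE_EVENTS = [
    {"host": "ws-014", "process": "code", "dest_port": 11434,
     "path": "/api/chat", "body": '{"model": "llama3"}'},
    {"host": "srv-db02", "process": "updater.bin", "dest_port": 11434,
     "path": "/api/generate", "body": '{"model": "gpt-oss:20b"}'},
    {"host": "ws-022", "process": "ollama", "dest_port": 11434,
     "path": "/api/tags", "body": ""},
    {"host": "ws-031", "process": "svc_helper", "dest_port": 11434,
     "path": "/api/generate", "body": '{"model": "gpt-oss'},  # truncated capture
    {"host": "ws-031", "process": "firefox", "dest_port": 443,
     "path": "/", "body": ""},
]

def request_model(body):
    """Return the model named in an Ollama request body, or None if unparseable."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    return doc.get("model") if isinstance(doc, dict) else None

def find_unexpected_llm_callers(events, allowed=ALLOWED_PROCESSES):
    """Flag generation requests to Ollama made by processes not on the allowlist."""
    alerts = []
    for ev in events:
        if ev.get("dest_port") != OLLAMA_PORT or ev.get("path") not in OLLAMA_PATHS:
            continue  # not an LLM generation call
        if ev.get("process") in allowed:
            continue  # expected client
        # Keep the alert even when the body is malformed: the caller is the signal.
        alerts.append({"host": ev.get("host"), "process": ev.get("process"),
                       "model": request_model(ev.get("body"))})
    return alerts

if __name__ == "__main__":
    for alert in find_unexpected_llm_callers(SAMPLE_EVENTS):
        print(alert)
```
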

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security.