
A new ransomware named PromptLock has emerged that uses AI to attack machines. The malware, which reportedly employs OpenAI's gpt-oss-20b model, does not require constant internet access to function.
According to ESET Research (via Tom's Hardware), the ransomware uses the Ollama API to generate malicious Lua scripts dynamically and executes them directly on the infected device.
The AI-powered feature is the main point of concern here. Unlike traditional ransomware, which relies on scripts written by the attacker, PromptLock feeds prompts to the model and executes the resulting scripts right on the user's device. ESET indicates that this malware could “exfiltrate data, encrypt it, or potentially destroy it,” although the destructive functions do not appear to be active at this point.
Notably, because the ransomware runs locally and does not depend on online resources to function, it is harder to detect. The discovered prompts also contain a Bitcoin address believed to belong to Satoshi Nakamoto, which further complicates the situation.
ESET's findings suggest that PromptLock is likely a proof of concept, indicating that more sophisticated AI-driven ransomware could be on the horizon. To mitigate risks, users are advised to download and execute files only from trusted sources. Avoiding local AI deployments may also help avoid threats from this specific ransomware.
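Where a local Ollama deployment has to stay, host telemetry can still show which programs talk to its API. The following is an added example, not code from ESET or from the malware: it hunts constructed connection events for callers of the Ollama API that are not on an allowlist. The event format, field names and allowlisted paths are assumptions; 11434 is Ollama's default port.

```python
import json
from collections import Counter

OLLAMA_PORT = 11434  # Ollama's default API port; change if your deployment differs
# Hypothetical allowlist: executables expected to call the local model API.
ALLOWED_CLIENTS = {"/usr/local/bin/ollama", "/opt/chat-ui/bin/chat-ui"}

# Constructed sample telemetry (JSON lines), not taken from any real incident.
SAMPLE_EVENTS = """\
{"ts": "2025-01-01T10:00:01Z", "exe": "/opt/chat-ui/bin/chat-ui", "dst_ip": "127.0.0.1", "dst_port": 11434, "path": "/api/chat"}
{"ts": "2025-01-01T10:02:10Z", "exe": "/tmp/invoice_viewer", "dst_ip": "127.0.0.1", "dst_port": 11434, "path": "/api/generate"}
{"ts": "2025-01-01T10:02:12Z", "exe": "/tmp/invoice_viewer", "dst_ip": "127.0.0.1", "dst_port": 11434, "path": "/api/generate"}
{"ts": "2025-01-01T10:03:00Z", "exe": "/usr/bin/curl", "dst_ip": "203.0.113.10", "dst_port": 443, "path": "/"}
not-json garbage line
"""


def unexpected_ollama_clients(lines, allowed=ALLOWED_CLIENTS, port=OLLAMA_PORT):
    """Return {exe: request_count} for non-allowlisted callers of the Ollama API."""
    hits = Counter()
    for line in lines.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the hunt
        if not isinstance(ev, dict):
            continue
        # Only requests aimed at the model API are of interest.
        if ev.get("dst_port") != port:
            continue
        if not str(ev.get("path", "")).startswith("/api/"):
            continue
        exe = ev.get("exe", "<unknown>")
        if exe not in allowed:
            hits[exe] += 1
    return dict(hits)


if __name__ == "__main__":
    for exe, count in unexpected_ollama_clients(SAMPLE_EVENTS).items():
        print(f"ALERT: {exe} made {count} Ollama API request(s)")
```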
As AI advances, creating tools for both attack and defense may lead us into a realm reminiscent of science fiction where opposing AIs compete for control.