ESET Discovers “PromptLock”: Ransomware Hazard Powered by AI
We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!
Quick Read
- ESET uncovers AI-powered ransomware known as “PromptLock”.
- PromptLock creates harmful scripts in real-time on compromised systems.
- The ransomware serves as a proof-of-concept and isn’t entirely operational yet.
- Utilizes the GPT-OSS:20b AI model through the Ollama API for script generation.
- Employs SPECK 128-bit encryption to scramble files.
- Compatible with Windows, macOS, and Linux systems.
- The Bitcoin address in use is connected to Satoshi Nakamoto.
Introduction to PromptLock: A Novel AI-Driven Hazard
In an unprecedented finding, the Slovakian cyber security company ESET has unveiled “PromptLock”, the first artificial intelligence-enhanced ransomware known. This groundbreaking malware dynamically creates harmful scripts on compromised devices, posing a new challenge in the field of cybersecurity.
Functionality of PromptLock
Presently, PromptLock seems to be a proof-of-concept and has not been fully operational or broadly deployed. Developed in Go, this ransomware connects to OpenAI’s GPT-OSS:20b AI model using the Ollama API to produce Lua scripts. These scripts can scan the local filesystem, analyze targeted files, exfiltrate information, and encrypt data.
Encryption Method
PromptLock utilizes the SPECK 128-bit encryption algorithm, crafted by the US National Security Agency, for rapid file encryption. This mechanism ensures that any exfiltrated data remains obscured from unauthorized users.
Compatibility Across Platforms
The malware is architected to function across various platforms, including Windows, macOS, and Linux. This extensive compatibility amplifies the potential consequences of its implementation.
Possible Threats and Signs
While PromptLock demonstrates notable potential as a ransomware solution, several attributes, including its damaging capabilities, are still unimplemented. Importantly, the Bitcoin address associated with the AI prompt is tied to Satoshi Nakamoto, adding an intriguing facet to its story.
Conclusion
PromptLock signifies a considerable progression in ransomware, harnessing AI technology to create threats dynamically. Although still in development, its cross-platform compatibility and sophisticated encryption strategies underscore the potential for a new category of advanced cyber threats.
Q: What is PromptLock?
A:
PromptLock is the initial AI-driven ransomware discovered by ESET, created to dynamically produce malicious scripts on infected systems.
Q: How does PromptLock produce scripts?
A:
It connects to the GPT-OSS:20b AI model through the Ollama API for generating Lua scripts that can execute various harmful actions.
Q: Is PromptLock truly a threat?
A:
Currently, PromptLock is regarded as a proof-of-concept and is not entirely operational or extensively deployed.
Q: What platforms are impacted by PromptLock?
A:
PromptLock operates across multiple platforms, effective on Windows, macOS, and Linux systems.
Q: What encryption technique is employed by PromptLock?
A:
It applies the SPECK 128-bit encryption algorithm to encrypt files.
Q: What is the relevance of the Bitcoin address utilized by PromptLock?
A:
The associated Bitcoin address is linked to Satoshi Nakamoto, the elusive inventor of Bitcoin, adding intrigue to its origins.
