Researchers Create AI-Powered “PromptLock” Ransomware
We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Quick Read
- “PromptLock” ransomware is an academic model, not an actual danger.
- Created by NYU Tandon researchers to investigate AI-driven ransomware functions.
- Model can independently carry out entire ransomware operations.
- AI systems generate distinctive attack codes, posing challenges to conventional security frameworks.
- Study conducted ethically to underscore emerging risks from AI.
AI-Driven Ransomware: Academic Investigation Reveals Possible Threats

The “PromptLock” ransomware, revealed by cybersecurity firm ESET, is not a malicious tool but an academic research prototype created by the New York University Tandon School of Engineering. Initially thought to be a genuine threat, the prototype functions as a proof-of-concept to investigate AI-driven ransomware abilities.
Analyzing the Prototype
The NYU Tandon research group’s investigation, called “Ransomware 3.0,” illustrates how extensive language models can independently perform ransomware campaigns across various platforms, such as personal computers, enterprise servers, and industrial control systems. The study simulates all stages of an attack, ranging from system mapping to generating ransom notes, employing AI to formulate tailored attack scripts for each target.
Technical Overview
The prototype utilizes AI models to create distinctive attack codes, complicating detection by traditional security systems. Tests indicated that AI could detect 63 to 96 percent of sensitive files, varying by the environment. These scripts, functional across platforms including Windows, Linux, and Raspberry Pi, demonstrate the capability of AI to circumvent current security protocols.
Costs and Accessibility
Employing around 23,000 AI tokens for each attack, the expense totals approximately US$0.70 ($1.07). Nonetheless, open-source AI models can negate these costs, allowing less experienced individuals to perform complex attacks that formerly required considerable resources and expertise.
Ethical Considerations and Suggestions
Executed within ethical boundaries, the study aims to educate the cyber security community regarding the hazards of AI-driven attacks. Md Raz, the primary author of the research, stresses the necessity of acknowledging AI-enabled threats. The team advocates monitoring file access behaviors, regulating AI service interactions, and crafting detection techniques specifically for AI-created threats to tackle possible dangers.
Conclusion
The “PromptLock” prototype showcases the shifting dynamics of ransomware, propelled by AI technologies. While not an immediate threat, the research emphasizes the urgency for enhanced security approaches tailored to AI-generative attacks. The study acts as a call to action for the industry to gear up for future challenges posed by AI-fueled cyber threats.