AI-Powered Ransomware: The Rise of PromptLock and the Shift in the Cyber Threat Landscape

Introduction – The Dawn of AI-Driven Malware and AI-Powered Cyberattacks

In late August 2025, cybersecurity firm ESET made a startling discovery: PromptLock, the first known AI-powered ransomware. Rather than relying entirely on precompiled scripts, PromptLock builds its malicious code dynamically using OpenAI's gpt-oss:20b model, accessed locally through the Ollama API, which marks a paradigm shift in how malware is created.

At present, PromptLock appears to be merely a proof-of-concept (PoC) that has not been used in live attacks. The possible consequences are nonetheless significant, because AI-powered ransomware and AI-powered cyberattacks undermine standard techniques for threat identification and mitigation.

A Technical Breakdown of How PromptLock Works

  • Architecture and Operation
    PromptLock, written in Go (Golang), is intended to be cross-platform and adaptable to Windows, Linux, and macOS. As a form of AI-powered ransomware, it introduces a modular and flexible approach that departs from traditional malware architecture.
  • Dynamic Script Generation
    Instead of hard-coded payloads, PromptLock embeds predefined prompts that are fed to a local LLM (gpt-oss:20b). The model then generates Lua scripts at runtime. These scripts perform tasks such as enumerating file systems, analyzing target files, extracting data, and encrypting files with the lightweight SPECK 128-bit cipher.
  • Non-Deterministic Behavior
    Because the LLM produces new scripts on every run, PromptLock’s behavior and indicators of compromise (IoCs) differ between executions, making it a moving target for detection tools.
  • Local LLM Use
    To avoid public exposure or model tracking, the malware talks to an Ollama server through a tunnel or proxy rather than calling a public cloud API. This improves stealth and lets it operate offline.
  • Potential for Destruction
    Although the code contains references to destructive functionality, ESET states that this capability has not yet been deployed.

The Import of AI-Powered Malware

  1. Evasion of Signature-Based Defenses
    Conventional antivirus relies on file signatures. AI-generated payloads are effectively polymorphic, which defeats static detection approaches.
  2. Lowering the Barrier to Entry for Threat Actors
    With AI tooling, even actors with modest technical expertise can build working ransomware; AI lowers the cost of entry into cybercrime.
  3. Adaptive and Contextual Attacks
    AI enables malware to adapt quickly to the system environment, single out high-value data, and alter its approach automatically.
  4. Real-World Precedents
    Alongside PromptLock, several cases highlight the expanding role of AI in cyber threats:

    • A group known as GTG 5004 used Anthropic’s Claude Code to automate every stage of an attack, from scanning to extortion, against high-profile organizations.
    • More broadly, attackers are using AI to build phishing campaigns, deepfakes, and social engineering lures.

Global Context – AI Meets Ransomware

  • According to a new Acronis analysis, India is the top target for AI-driven attacks, accounting for 12.4% of monitored endpoints.
  • AI-powered social engineering, such as vishing (voice phishing), is expected to increase in 2025, expanding the social attack vectors for ransomware.
  • The EU’s DORA mandate improves readiness for AI-enabled risks by requiring effective detection, response, and backup systems.
  • The Ransomware 3.0 prototype investigates autonomous ransomware orchestrated by LLMs, highlighting the need for security innovation.

Defensive Strategies Against AI-Powered Threats

Organizations must adopt the following strategies to stay ahead of adaptive malware:

  • Behavioral and Anomaly Detection
    Focus on runtime behavior rather than static signatures, especially Lua script execution.
  • Monitor Outbound Traffic
    Investigate unauthorized connections to LLM servers or proxy tunneling that could indicate PromptLock activity.
  • Endpoint Detection and Response (EDR)
    Deploy advanced EDR systems to catch suspicious processes and script execution.
  • Network Segmentation and Access Controls
    Restrict lateral movement and block unauthorized API access.
  • User Training and Awareness
    Educate teams about phishing, vishing, and AI-enhanced social engineering tactics.
  • Immutable Backups and Incident Preparedness
    Maintain immutable or air-gapped backups; rehearse ransomware response plans.
  • Regulatory Compliance
    Align with frameworks like DORA to ensure resilience and operational continuity.
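The two detection strategies above (watching outbound LLM API traffic and Lua script execution) can be combined into one correlation rule. The following is an added example written for this article, not code from ESET or eInfochips; the log lines are constructed, and the Ollama default port (11434) and API paths (/api/generate, /api/chat) are taken from Ollama's documented defaults, so a proxied or tunneled server on another port would need the port list extended.

```python
"""Correlate local-LLM API calls with subsequent Lua execution on the same host."""
import json
from urllib.parse import urlparse

OLLAMA_PORT = 11434                          # Ollama's default listener port
OLLAMA_PATHS = ("/api/generate", "/api/chat")  # Ollama generation endpoints
LUA_INTERPRETERS = ("lua", "lua5.1", "lua5.3", "lua5.4", "luajit")

# Constructed telemetry (JSON lines): "net" = outbound HTTP request, "proc" = process start.
SAMPLE_LOG = """\
{"ts": 1000, "host": "ws-01", "type": "net", "pid": 4120, "image": "/home/u/update", "dst": "http://127.0.0.1:11434/api/generate"}
{"ts": 1030, "host": "ws-01", "type": "proc", "pid": 4121, "image": "/usr/bin/lua", "cmdline": "lua /tmp/enum.lua"}
{"ts": 2000, "host": "ws-02", "type": "net", "pid": 900, "image": "/usr/bin/python3", "dst": "http://10.0.0.5:11434/api/chat"}
{"ts": 5000, "host": "ws-02", "type": "proc", "pid": 901, "image": "/usr/bin/lua5.4", "cmdline": "lua5.4 build.lua"}
{"ts": 3000, "host": "ws-03", "type": "net", "pid": 77, "image": "/usr/bin/curl", "dst": "https://updates.example.test/v1/check"}
{"ts": 3010, "host": "ws-03", "type": "proc", "pid": 78, "image": "/usr/bin/luajit", "cmdline": "luajit test.lua"}
"""

def is_llm_api_call(ev):
    """True for an outbound request to an Ollama-style generation endpoint."""
    if ev.get("type") != "net":
        return False
    url = urlparse(ev.get("dst", ""))
    return url.port == OLLAMA_PORT or url.path in OLLAMA_PATHS

def is_lua_exec(ev):
    """True for a process start that runs a Lua interpreter or a .lua script."""
    if ev.get("type") != "proc":
        return False
    exe = ev.get("image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    exe = exe[:-4] if exe.endswith(".exe") else exe
    return exe in LUA_INTERPRETERS or ev.get("cmdline", "").lower().endswith(".lua")

def correlate(log_text, window_s=120):
    """Alert when Lua runs within window_s seconds of an LLM API call on the same host."""
    events = [json.loads(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    last_llm_call = {}   # host -> most recent LLM API call event
    alerts = []
    for ev in events:
        if is_llm_api_call(ev):
            last_llm_call[ev["host"]] = ev
        elif is_lua_exec(ev):
            llm = last_llm_call.get(ev["host"])
            if llm and ev["ts"] - llm["ts"] <= window_s:
                alerts.append({"host": ev["host"], "llm_pid": llm["pid"],
                               "lua_pid": ev["pid"], "cmdline": ev.get("cmdline", "")})
    return alerts

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG):
        print("ALERT: LLM-generated Lua execution pattern on", a["host"], a)
```

Only ws-01 fires: ws-02's Lua run falls outside the window, and ws-03's outbound request is not an LLM API call, so its Lua execution is left for ordinary behavioral rules.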

Conclusion – Preparing for an AI-Driven Cyber Future

PromptLock may presently exist only as a proof-of-concept, but its ramifications are clear: AI is changing the ransomware landscape. Combining LLMs with malware offers stealth, flexibility, and scalability, making attacks more accessible and adaptable than ever before.

Proactive, adaptive protection strategies—focused on behavior, segmentation, and detection—are critical. As AI advances, so must cybersecurity. Navigating this new frontier requires staying educated, investing in cutting-edge tools, and raising organizational awareness.

eInfochips offers comprehensive IoT solutions and services to ensure the secure development of your products. We apply multiple layers of security standards throughout the product development lifecycle and follow a secure-by-design strategy to protect products from inception. We integrate security processes across your product development life cycle, from secure-by-design through VAPT testing, enabling companies to deploy secure products in the field and protect devices from compromise.

eInfochips has assisted enterprises in developing, deploying, and managing security solutions on a worldwide scale by protecting their connected device networks spanning device-connectivity-application levels using strategic, transformational, and managed operations approaches. We offer a 360-degree cybersecurity experience in threat modeling and VAPT spanning devices, operating systems/firmware, web/mobile apps, data, and cloud workloads that adhere to the security industry standards, regulations, and recommendations such as NIST, ENISA, OWASP, MITRE, and the IoT Security Foundation.

Abhishek Modi

Abhishek Modi works as an Engineer at eInfochips in the Cybersecurity domain. He has over 2.5 years of experience in cyber security and web application development, including application security, vulnerability management, and secure code development. He has expertise in web application Vulnerability Assessment & Penetration Testing (VAPT), vulnerability triage, hardware/IoT/automotive security, vulnerability management, threat modelling, risk assessment, compliance, and the Secure Software Development Life Cycle (secure SDLC).
