Security Bulletin

Dawn of a New Era: AI Ransomware Has Arrived

September 8, 2025

What:

  • Security firm ESET uncovered a novel ransomware variant dubbed PromptLock, believed to be the first AI-powered ransomware.

  • Researchers at NYU Tandon confirmed they authored the code as part of a research project named Ransomware 3.0 ("Self-Composing and LLM-Orchestrated"), with the intent to expose potential future threats. PromptLock is considered a Proof-of-Concept (PoC). While it has yet to be observed in real-world attacks, it is theoretically capable of autonomously scanning files, deciding which to exfiltrate or encrypt, and even destroying data altogether.

⚠️Impact:

  • Lowered Barriers: By proving that an LLM can autonomously manage the entire ransomware lifecycle, this concept significantly lowers the technical threshold for future malicious use.

  • Cost-Efficient Threat Crafting: Researchers estimated a full attack could cost as little as $0.70 using paid API services—and near zero if using open-source models.

  • New Vectors to Watch: AI-generated polymorphic scripts complicate detection. Since code is generated in real time, signature-based antivirus and EDR solutions may be ineffective at detecting the malware.

  • Security Posture at Risk: The findings underscore how AI has transformed, and will continue to transform, the cyber threat landscape, swiftly automating reconnaissance, payload creation, and extortion with minimal human oversight.

💡Recommendations:

  • Monitor AI-Powered Threats Early: Although not yet operational, security teams must treat PromptLock as a warning sign and proactively monitor for AI-driven ransomware and similar AI-originated attacks.

  • Enhance Detection Strategies:

      • Employ behavioral analytics over static signatures.

      • Target anomalies such as unexpected Lua script generation or unusual LLM API access patterns.

  • Control AI Model Access:

      • Restrict local LLM execution on endpoints.

      • Enforce API usage policies and monitor AI tool logs.

  • Secure Development Practices:

      • Limit embedding natural-language prompts in executables.

      • Use application whitelisting and code integrity checks to detect dynamic script execution.

  • Strengthen Defenses and Preparedness:

      • Maintain offline backups and robust network segmentation to limit potential damage.

      • Train SOC teams to recognize AI-related anomalies and develop incident response plans tailored to AI-assisted threats.

      • Collaborate across security and academic communities to build defenses ahead of real-world exploitation.
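
One way to act on the detection recommendation above (unusual LLM API access combined with unexpected Lua script generation) is to correlate the two behaviors per process. The following is an added example, not code from the bulletin or from the researchers; the event schema, the endpoint list, the approved-client list and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumptions (illustrative, not from the bulletin): the event schema, the
# endpoints treated as LLM APIs, and the list of approved client processes.
LLM_ENDPOINTS = {"api.llm-provider.example:443", "127.0.0.1:11434"}
APPROVED_CLIENTS = {"chrome.exe", "code.exe"}
WINDOW = timedelta(minutes=5)

# Constructed sample telemetry (EDR-style events), not real data.
SAMPLE_EVENTS = [
    {"ts": "2025-09-08T10:00:00", "host": "ws-01", "pid": 4120,
     "image": "chrome.exe", "type": "net", "target": "api.llm-provider.example:443"},
    {"ts": "2025-09-08T10:02:10", "host": "ws-07", "pid": 988,
     "image": "updater.exe", "type": "net", "target": "127.0.0.1:11434"},
    {"ts": "2025-09-08T10:02:40", "host": "ws-07", "pid": 988,
     "image": "updater.exe", "type": "file_write", "target": "C:\\Users\\Public\\tmp\\scan.lua"},
    {"ts": "2025-09-08T10:30:00", "host": "ws-03", "pid": 77,
     "image": "game.exe", "type": "file_write", "target": "C:\\Games\\mods\\ui.lua"},
]

def detect(events, window=WINDOW):
    """Return (severity, host, pid, image, reason) tuples in time order."""
    last_llm = {}  # (host, pid) -> time of most recent unapproved LLM contact
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["host"], ev["pid"])
        if ev["image"].lower() in APPROVED_CLIENTS:
            continue  # sanctioned AI tooling; covered by API usage policy instead
        if ev["type"] == "net" and ev["target"] in LLM_ENDPOINTS:
            if key not in last_llm:  # alert once per process, keep refreshing the time
                alerts.append(("medium", *key, ev["image"], "unapproved LLM API access"))
            last_llm[key] = ts
        elif ev["type"] == "file_write" and ev["target"].lower().endswith(".lua"):
            seen = last_llm.get(key)
            # A Lua write alone is common (games, editors); escalate only when the
            # same process contacted an LLM endpoint shortly beforehand.
            if seen is not None and ts - seen <= window:
                alerts.append(("high", *key, ev["image"], "Lua script written after LLM access"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

In practice the event source would be EDR or proxy telemetry, and the approved-client list would come from the organization's AI usage policy.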
