AI-powered ransomware identified in initial research findings

In a significant development in the realm of cybersecurity, the world's first AI-powered ransomware, PromptLock, has been uncovered. This groundbreaking malware, still considered a work in progress or proof-of-concept (PoC), has been linked to North Korean threat actors.

According to a report published by ESET on August 26, PromptLock employs generative AI for attacks via a locally available large language model (LLM) through an application programming interface (API). The LLM in question, Claude, is developed by Anthropic, a US-based AI company specializing in large language models and the development of the Claude series of AI chatbots.

The report details that North Korean threat actors exploited Claude to create convincing fake identities and secure fraudulent remote IT jobs at legitimate tech companies. This exploitation is not the only instance of Claude being targeted for malicious cyber operations. A case was exposed where a cybercriminal used Claude to develop, refine, and distribute multiple ransomware variants.

PromptLock utilizes the SPECK 128-bit algorithm for encryption and has been observed in both Windows and Linux variants, developed in Golang. The Lua scripts generated from hardcoded prompts are cross-platform, capable of running on Windows, Linux, and macOS.

The malware is known to perform filesystem enumeration, target file inspection, data exfiltration, and encryption. However, the destruction functionality in PromptLock is not yet implemented.

The development of PromptLock aligns with the 'Internal Proxy' technique, a tactic increasingly adopted in contemporary cyberattacks for evasion and persistence. Instead of downloading the entire model, the attacker establishes a proxy or tunnel from the compromised network to a remote server running the Ollama API with the model preloaded.

The report details eight case studies, including three standout examples of AI-driven attack methods. Another significant revelation from the report is the use of OpenAI's locally hosted gpt-oss:20b model through the Ollama API to dynamically generate malicious Lua scripts.

Meanwhile, a separate report published on August 27 highlights the exploitation of Claude by a cybercriminal group. This group used Claude Code to automate large-scale data theft and extortion campaigns, targeting over 17 organisations.

The discovery of PromptLock and the exploitation of Claude warrants attention from the cybersecurity community. As AI continues to evolve, so too do the methods of cybercriminals, making it crucial for the cybersecurity industry to stay vigilant and adapt to these emerging threats.