{
  "name": "The First AI-Powered Ransomware & How It Works",
  "slug": "the-first-ai-powered-ransomware-how-it-works",
  "description": "PromptLock, a proof-of-concept AI-powered ransomware, uses Lua scripts that an LLM generates from hard-coded prompts to perform malicious activities across Windows, Linux, and macOS. Written in Go, it communicates with the locally hosted LLM through the Ollama API. The malware scans the filesystem, identifies sensitive information, and encrypts files using SPECK 128-bit encryption in ECB mode. It dynamically generates ransom notes and adapts its behavior based on the infected machine type. PromptLock's cross-platform compatibility and AI-driven script generation make it a significant concern for cybersecurity professionals, highlighting the need for advanced defensive strategies against evolving AI-powered threats.",
  "published": "2025-08-29T11:41:14+00:00",
  "created_at": "2025-08-29T11:41:14+00:00",
  "modified_at": "2025-08-29T13:49:34+00:00",
  "created_at_opencti": "2025-08-29T11:41:14+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-08-29",
    "ai-powered",
    "cross-platform",
    "dynamic ransom notes",
    "filesystem scanning",
    "go-language",
    "lua scripts",
    "ollama api",
    "promptlock",
    "proof-of-concept",
    "ransomware",
    "speck encryption"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:8a70185da384464d",
        "name": "PromptLock",
        "slug": "promptlock"
      }
    ],
    "attack_patterns": [
      {
        "id": "93b2c4dd-5523-4464-8976-78754ee372fd",
        "name": "T1012"
      },
      {
        "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f",
        "name": "T1071.001"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "dc17cbbd-40d8-43cf-b3cf-50d1276db2c7",
        "name": "T1016"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      }
    ]
  },
  "external_refs": [
    "https://www.welivesecurity.com/en/ransomware/first-known-ai-powered-ransomware-uncovered-eset-research/",
    "https://otx.alienvault.com/pulse/68b1adfad2b4f175757d71b2"
  ]
}