PromptLock: The AI-Powered Ransomware That Writes Its Own Code

ESET specialists have reported the first documented case of ransomware in which artificial intelligence plays a central role. The newly discovered strain, named PromptLock, is written in Go and leverages OpenAI’s local gpt-oss:20b model via the Ollama interface to generate malicious Lua scripts in real time. These scripts execute directly on the infected device, enabling the program to enumerate disk files, analyze their contents, exfiltrate selected data, and encrypt them. The code runs seamlessly on Windows, Linux, and macOS, making the threat inherently cross-platform.

According to its design, the malware is capable not only of copying or encrypting data but also of completely destroying it, though the destructive functionality has not yet been implemented. In the generated prompts, researchers discovered a Bitcoin wallet address associated with the identity of Satoshi Nakamoto, further fueling intrigue around the sample. For file encryption, the program employs the SPECK algorithm with a 128-bit key—a choice that suggests an experimental proof-of-concept rather than a tool prepared for widescale attacks.

Experts emphasize that all evidence so far points to a prototype or demonstration build: samples for Windows and Linux were uploaded to VirusTotal, but there is no indication of active mass distribution. Nevertheless, the use of a generative AI model to dynamically create malicious code represents a fundamentally new paradigm, demanding close attention from the cybersecurity community.

ESET has classified the program as Filecoder.PromptLock.A and stresses that even as a concept, such projects pave the way for a new generation of ransomware, redefining the landscape of digital threats.