Ransomware leveraging artificial intelligence is no longer a concept, though PromptLock, the recently discovered proof-of-concept (PoC), is not yet an active threat. Developed by researchers at New York University’s Tandon School of Engineering, PromptLock demonstrates how large language models (LLMs) could orchestrate ransomware attacks.

Samples of PromptLock appeared on VirusTotal in late August, with ESET revealing that it used OpenAI’s GPT-OSS:20b and hardcoded prompts to dynamically generate Lua scripts capable of performing actions on targeted systems.

The NYU team later confirmed that PromptLock is only a research prototype, part of their paper on Ransomware 3.0, described as the first threat model demonstrating LLM-orchestrated ransomware.

How Ransomware 3.0 Works

According to the researchers, Ransomware 3.0 uses LLMs to orchestrate all phases of an attack chain, adapting to the target environment and generating tailored payloads automatically.

“The system performs reconnaissance, payload generation, and personalized extortion in a closed-loop attack campaign without human intervention,” the academics explain.

The prototype operates as a seemingly legitimate tool with embedded malicious instructions. Once executed, it uses AI to scan the environment, identify sensitive data, craft an attack vector such as file encryption, and generate personalized ransom notes.

The researchers warn that distinguishing between legitimate LLM-based utilities and those with hidden malicious instructions will become increasingly difficult. Deployed malware could detect local LLM endpoints, harvest API keys, or connect to its own command-and-control server to generate malicious code on the fly.

Real-World AI-Enhanced Ransomware

While PromptLock itself is only a PoC, AI-driven ransomware attacks already exist in the wild. According to Anthropic’s August 2025 threat intelligence report, attackers have been using AI tools like Claude Code to execute ransomware operations, including:

• Reconnaissance and scanning of internet-connected devices
• Exploitation and lateral movement across networks
• Data exfiltration and analysis to determine ransom amounts
• Crafting psychologically targeted ransom notes

Anthropic reports that such attacks have compromised sensitive data including healthcare records, financial information, government credentials, and more, with ransom demands sometimes exceeding $500,000 USD.

AI tools like Claude Code have also been used to create malware, add anti-detection capabilities, and automate the analysis of stolen data for optimal extortion.

The Implications

Experts stress that AI is not just a theoretical enhancement for ransomware—it serves as both a technical consultant and an active operator. Steve Povolny, Senior Director of Security Research at Exabeam, notes:

“Attackers can now construct highly specific and complex ransomware campaigns at unprecedented speed, in the same way non-coders can develop enterprise applications with minimal experience. The underlying methods haven’t changed, but AI makes them faster, cheaper, and easier to execute.”

This evolution signals a new era in cybercrime, where foundational AI models can automate, optimize, and scale ransomware attacks far beyond traditional manual approaches.

Source: https://www.securityweek.com/promptlock-only-poc-but-ai-powered-ransomware-is-real