Skip to content
Ransomware group

PromptLock

PromptLock is a Golang-based, cross-platform ransomware prototype that ESET identified in August 2025 and named as the first known AI-powered ransomware.

Profile source: Mallory opens in a new tab

PromptLock

Family profile

PromptLock is a Golang-based, cross-platform ransomware prototype that ESET identified in August 2025 and named as the first known AI-powered ransomware. High-confidence reporting in the provided content indicates it is a proof of concept or work in progress rather than malware observed in real-world attacks, and later reporting linked the samples to the academic NYU Tandon research prototype "Ransomware 3.0: Self-Composing and LLM-Orchestrated." PromptLock uses a locally accessible large language model—reported as OpenAI gpt-oss-20b via the Ollama API—to dynamically generate and execute malicious Lua scripts at runtime. Those scripts are described as performing filesystem enumeration, file inspection, data exfiltration, and file encryption; some reporting also notes unfinished or inactive destructive/wipe logic. The malware is described as targeting Windows and Linux, with multiple sources also stating the generated Lua logic was intended to be cross-platform across Windows, Linux, and macOS. ESET reported Windows and Linux variants uploaded to VirusTotal and classified them as Linux/Filecoder.PromptLock.A and WinGo/Filecoder.PromptLock.A. Reported sample SHA-1s include Linux: 24BF7B72F54AA5B93C6681B4F69E579A47D7C102, AD223FE2BB4563446AEE5227357BBFDC8ADA3797, BB8FB75285BCD151132A3287F2786D4D91DA58B8, F3F4C40C344695388E10CBF29DDB18EF3B61F7EF; Windows: 639DBC9B365096D6347142FCAE64725BD9F73270, 161CDCDB46FB8A348AEC609A86FF5823752065D2, 8C7BCAFCE90F5FB121131ECB27346ECFC6E961C5. The content consistently associates PromptLock with ESET’s discovery and later academic attribution, not with a confirmed criminal threat actor or active campaign.

Ransomware.live

Operational record

View group record ↗

Ransomware.live

Published indicators

Full source record ↗

Sha1

6 total
  • 24BF7B72F54AA5B93C6681B4F69E579A47D7C102
  • AD223FE2BB4563446AEE5227357BBFDC8ADA3797
  • BB8FB75285BCD151132A3287F2786D4D91DA58B8
  • F3F4C40C344695388E10CBF29DDB18EF3B61F7EF
  • 639DBC9B365096D6347142FCAE64725BD9F73270
  • 161CDCDB46FB8A348AEC609A86FF5823752065D2

MITRE ATT&CK

PromptLock in ATT&CK

19 distinct techniques

Reporting

Research mentioning PromptLock

Jul 8
Cryptika

PromptSpy Android Malware Uses Google Gemini to Adapt During Runtime Execution | Cryptika Cybersecurity

The first known Android malware family to weaponize a generative AI model, specifically Google’s Gemini, as part of its active execution flow. Discovered in February 2026, the malware represents a significant evolutionary step in mobile threats and follows ESET’s earlier identification of PromptLock, the first AI-powered ransomware, in August 2025.

Jul 7
Picus Security

Inside JADEPUFFER: Defending Against the First Agentic Ransomware

Earlier AI-enabled threats such as LameHug (also called PROMPTSTEAL), MalTerminal, and the PromptLock proof-of-concept are best described as LLM-assisted malware.

Jul 6
Dark Reading

JadePuffer: The First Complete LLM-Driven Ransomware Attack

In fact, last August, security researchers believed they discovered the first AI-driven ransomware, called PromptLock, outside of an attack scenario. The ransomware was later found to be a proof of concept developed by researchers at New York University's Tandon School of Engineering.

Jul 5
Cysecurity News

JadePuffer Uses AI to Streamline End to End Ransomware Operations - CySecurity News - Latest Information Security and Hacking Incidents

Earlier claims of AI-powered ransomware, including PromptLock, were ultimately linked to controlled research rather than active criminal operations.

Jul 2
The Hacker News

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

In August 2025, researchers at ESET flagged PromptLock, billed as the first AI-powered ransomware; it later turned out to be a lab prototype from NYU called Ransomware 3.0, not a real attack.

Jun 3
Intezer

How attackers are gaining access to LLM inference - Intezer

PROMPTLOCK is a proof-of-concept AI-powered ransomware prototype, often called “Ransomware 3.0,”... The Go binary invokes gpt-oss-20b via a local Ollama API running on the infected host to generate Lua scripts that perform file listing, encryption, exfiltration, and (unfinished) wipe logic.

Jun 1
Cybercenter Space

Space, Cyber, and the New Strategic Triangle: Protecting Satellites in an Era of Hybrid Threats - Center for Cyber Diplomacy and International Security

The first malware known to use AI dynamically during execution to change its form and evade detection, designated Promptlock, was identified in 2025.

May 5
Nozomi Networks

Artificial Intelligence in modern Cybersecurity: From Payloads to APT Ops

PromptLock represents one of the first concrete examples where AI is not merely assisting development but is embedded directly into the execution logic of a ransomware implementation.

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.