A cybersecurity firm has identified the first piece of AI-powered ransomware in the wild, dubbed “PromptLock”. The malware uses a large language model to assist in carrying out ransomware attacks on Windows, Mac, and Linux devices. According to senior malware researcher Anton Cherepanov, the code was discovered by ESET on VirusTotal, an online repository for malware analysis.
PromptLock sends requests through Ollama, an open-source API, and a local version of an open-weights model to execute tasks such as inspecting local filesystems, exfiltrating files, and encrypting data using SPECK 128-bit encryption. The malware is believed to be a proof of concept, with unfinished functionality and no evidence of deployment by threat actors in ESET telemetry.
Researchers have highlighted the potential risk of AI-powered ransomware, noting that these programs can exploit security holes in the prompting process and carry out core functions of ransomware, including locking files, stealing data, and demanding payment. The use of AI-generated scripts makes it challenging to detect and defend against such attacks.
This novel example showcases the need for high-level administrative access and proper implementation guidelines for AI “agents” deployed in networks to prevent prompt injection attacks and potential exploitation by attackers.
Source: https://cyberscoop.com/prompt-lock-eset-ransomware-research-ai-powered-prompt-injection