PromptLock: AI-Powered Ransomware and Its Sophisticated Architecture

Introduction

Ransomware continues to evolve as one of the most destructive forms of cybercrime. In 2025, PromptLock emerged as the first known AI-powered ransomware proof-of-concept (PoC), reported by ESET researchers. Unlike traditional ransomware that carries pre-built malicious code, PromptLock embeds hard-coded prompts that it feeds to a locally hosted large language model (LLM) via the Ollama API.

The LLM (identified as gpt-oss:20b) dynamically generates Lua scripts, which then execute tasks such as filesystem scanning, data exfiltration, and file encryption. By offloading malicious logic generation to an AI model, PromptLock demonstrates a new level of adaptability and cross-platform flexibility, running seamlessly on Windows, Linux, and macOS.

How PromptLock Works: Dynamic AI-Powered Attack Chain

1. Initialization
   

   • main_main sets up runtime checks and coordinates execution.
     

2. LLM Invocation
   

   • main_invokeLLM connects to the Ollama API, sends embedded prompts, and retrieves generated Lua scripts.
     

3. Script Execution
   

   • main_execTask and main_execLua execute AI-generated Lua code for filesystem operations, targeting, and encryption.
     

4. Key Management & Encryption
   

   • main_generateRandomKeyHex → Generates random key in hex.
     

   • main_hexkeyToLuaWords → Prepares the key for use in Lua.
     

   • Implements SPECK-128 .Files are encrypted in 16-byte blocks and overwritten.
     

5. Auxiliary Functions
   

   • main_rsaEncrypt exists but is not used for bulk encryption — likely reserved for metadata or key exchange.
     

   • main_parseTasksFromFile drives execution from config/log files.
     

Cross-Platform Lua Payloads

Lua scripts allow execution across Windows, Linux, and macOS, giving PromptLock broad reach without platform-specific payloads.

Artifacts and File Traces

• scan.log → File inventory
  

• target_file_list.log → Candidate files
  

• payloads.txt → Staging data
  

Ransom Note

AI-generated ransom notes include a Bitcoin address historically tied to Satoshi Nakamoto, used for psychological manipulation rather than real payment collection.

Indicators of Compromise (IOCs)

SHA-256 Samples:

• 1458b6dc98a878f237bfb3c3f354ea6e12d76e340cefe55d6a1c9c7eb64c9aee
  

• 2755e1ec1e4c3c0cd94ebe43bd66391f05282b6020b2177ee3b939fdd33216f6
  

MITRE ATT&CK Mapping

Defensive Takeaways

• Detect Ollama misuse: Monitor access to localhost:11434.
  

• Lua anomaly detection: Flag unusual use of embedded Lua interpreters.
  

• Behavioral ransomware hunting: Look for rapid block overwrites and log file creation.
  

• Restrict local AI runtimes: Confine Ollama to dev-only environments

PromptLock represents the first AI-powered ransomware PoC, showing how LLMs can dynamically generate malicious logic at runtime. While still experimental, it is a warning sign: AI is lowering the barrier to entry for advanced ransomware.

How Druva Can Help

While your primary security tools provide best-in-class threat prevention, detection & response, Druva provides the last line of defense for when sophisticated threats like PromptLock get through and you do need to get back to normal. Follow these steps:

1. Implement an Incident Response Plan

Review and test your incident response plan in a timely manner to ensure you can effectively respond to a potential breach, including utilizing Druva's recovery capabilities.

2. Operationalize Druva’s cyber response and recovery capabilities

• Security Command Center

  • Periodically monitor security posture of your Druva environment (for Data Anomaly alerts, Threats, Access Risks, New geolocation events) etc. and take swift action. 

• Data Anomaly Detection Alerts

  • Proactively identify data anomalies across Endpoints, NAS, File Servers, VMware, Microsoft OneDrive and SharePoint data.

  • Monitor alerts for mass creation, modification, encryption, and deletion actions across all resource types.

  • Subscribe to the Data Anomaly Alerts report and related alerts to receive timely notifications via email.

•  Leverage Threat Hunting

  • Druva’s IOC Library is always up to date with the latest threat intel. Investigate IOCs by performing periodic threat scans on your AWS EC2, VMware VM, and Azure VM backups to ensure their integrity. IOCs specific to PromptLock have been published by Druva’s in-house threat research team and can be found in the IOC Library. 

  • Utilize Federated Search to scan for IOC SHA values across your backed-up data (Endpoints, Microsoft 365, Google Workspace, etc.) to detect threats. Immediately quarantine detected infections via Federated Search to contain them, or use Defensible Delete to remove them from both the backup snapshot and the source.

• Quarantine Backups

  • Limit the perimeter of the threat by quarantining the infected snapshots using the Quarantine Bay functionality

• Cyber Recovery: Leverage Druva’s cyber recovery workflows to ensure clean, lossless recovery

  • Restore Scan — Utilize restore scan functionality to restore backup snapshots with confidence. Druva’s restore scans are backed by powerful AV scanning and IOC Library scans. 

• Curated Recovery: Delivers the most recent clean version of each file. 

• Sandbox Recovery: Verify and certify clean recovery

How resilient are you against ransomware like PrompLock? In just 5 minutes, benchmark your cyber resilience, uncover hidden security gaps, and get a personalized score you can act on. Assess your cyber resilience now.