
"So Raz, along with his fellow researchers, developed an AI system to perform four phases of a ransomware attack. The engineers tested the malware against two models: OpenAI's gpt-oss-20b and its heavier counterpart, gpt-oss-120b. It generates Lua scripts customized for each victim's specific computer setup, maps IT systems, and identifies environments, determining which files are most valuable, and thus most likely to demand a steep extortion payment from a victim organization."
"'It's more targeted than a regular ransomware campaign that affects the entire system,' he described. 'It specifically targets a couple of files, so it's a lot harder to detect. And then the attack is super personalized. It's polymorphic, so every time you run it on different systems, or even multiple times on the same system, the generated code is never going to be the same.'"
An AI system was created to automate all four phases of a ransomware attack and was tested against two large language models. The system generates Lua scripts customized to each victim's computer configuration, maps IT systems, identifies environments and high-value files, and selects targets for selective encryption to maximize extortion value. The generated payloads are polymorphic, producing unique code on each run to hinder detection. The AI also exfiltrates data and composes personalized ransom notes using user information and bios found on infected machines, enabling highly targeted and stealthier extortion campaigns.
Read at The Register