Some cybercriminal groups are beginning to integrate AI and large language models into ransomware development and initial-access operations, though most ransomware groups do not yet use AI in malware modules. A proof-of-concept called PromptLock runs largely on a single machine and leverages an open-source OpenAI model to generate malicious Lua scripts on the fly, inspect targeted files, steal data, and deploy encryption. Large model sizes and high computational requirements create deployment challenges for AI-assisted ransomware, but adversaries are exploring workarounds and are likely to attempt increasingly sophisticated AI-enabled threats. AI use currently appears more widespread for initial access than for malware development.
"There are definitely some groups that are using AI to aid with the development of ransomware and malware modules, but as far as Recorded Future can tell, most aren't," says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. "Where we do see more AI being used widely is in initial access."
"Deploying AI-assisted ransomware presents certain challenges, primarily due to the large size of AI models and their high computational requirements. However, it's possible that cybercriminals will find ways to bypass these limitations," ESET malware researchers Anton Cherepanov and Peter Strycek, who discovered the new ransomware, wrote in an email to WIRED. "As for development, it is almost certain that threat actors are actively exploring this area, and we are likely to see more attempts to create increasingly sophisticated threats."
"generate malicious Lua scripts on the fly"