PromptLock: How AI Could Supercharge Ransomware Attacks

Image by Max Bender, from Unsplash

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Cybersecurity firm ESET has announced the discovery of what its researchers call “the first known AI-powered ransomware.”

In a rush? Here are the quick facts:

  • PromptLock can steal, encrypt, and potentially destroy data.
  • It uses AI to generate malicious scripts automatically on the target machine.
  • AI could allow ransomware to adapt, scale, and attack faster than before.

The malicious software, called PromptLock, shows how AI can be used in dangerous cyberthreats. Researchers at ESET explain that PromptLock can steal data, encrypt files, and destroy data. However, the researchers say that the destructive function does not seem to be active yet.

In other words, the ransomware does not seem to have been deployed in real-world attacks. As a result, ESET believes that the software is either an unfinished proof-of-concept or a project still under development.

“The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes. PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption,” said ESET researchers.

They added: “The PromptLock ransomware is written in Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal.” Golang is a flexible programming language often used by malware developers because it can run across different platforms.
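The behaviour ESET describes, a program asking a locally hosted model for Lua code through the Ollama API, can be hunted for in endpoint telemetry. The sketch below is an added example, not code from ESET or from the article; the field names, the allowlist, the weights and the sample records are constructed, and it assumes Ollama's default port 11434 and its `/api/generate` and `/api/chat` endpoints.

```python
import re

# Assumptions (not from the article): Ollama's default port and generation
# endpoints, the telemetry field names, the allowlist and the score weights.
OLLAMA_PORT = 11434
GENERATION_PATHS = {"/api/generate", "/api/chat"}
APPROVED_CLIENTS = {"ollama", "ollama.exe", "code", "code.exe"}
CODE_REQUEST = re.compile(r"\blua\b.*\b(script|code)\b|\b(script|code)\b.*\blua\b", re.I | re.S)

# Constructed sample telemetry: one record per local HTTP request.
SAMPLE_EVENTS = [
    {"host": "ws-014", "process": "code.exe", "dest_port": 11434,
     "path": "/api/chat", "model": "llama3", "prompt": "Explain this stack trace"},
    {"host": "ws-022", "process": "updater.exe", "dest_port": 11434,
     "path": "/api/generate", "model": "gpt-oss:20b",
     "prompt": "Write a Lua script that lists files in the working directory"},
    {"host": "ws-022", "process": "updater.exe", "dest_port": 443,
     "path": "/index.html", "model": "", "prompt": ""},
    {"host": "srv-03", "process": "batchjob", "dest_port": 11434,
     "path": "/api/generate", "model": "mistral", "prompt": "Summarise this ticket"},
]

def normalise_model(name):
    """Reduce 'gpt-oss-20b' and 'gpt-oss:20b' to the same token."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def score_event(event):
    """Return (score, reasons); (0, []) when the request is not a generation call."""
    if event["dest_port"] != OLLAMA_PORT or event["path"] not in GENERATION_PATHS:
        return 0, []
    checks = [
        (2, "unapproved process calling local LLM API",
         event["process"].lower() not in APPROVED_CLIENTS),
        (1, "model named in the ESET quote", normalise_model(event["model"]) == "gptoss20b"),
        (2, "prompt asks for Lua code", bool(CODE_REQUEST.search(event["prompt"]))),
    ]
    hits = [(weight, reason) for weight, reason, matched in checks if matched]
    return sum(w for w, _ in hits), [r for _, r in hits]

def hunt(events, threshold=3):
    """Return (host, process, score, reasons) for events at or above threshold."""
    scored = [(e["host"], e["process"], *score_event(e)) for e in events]
    return [row for row in scored if row[2] >= threshold]

if __name__ == "__main__":
    for row in hunt(SAMPLE_EVENTS):
        print(row)
```

An unapproved client alone scores below the default threshold, so a legitimate but unlisted batch job is not alerted on until it is combined with one of the other signals.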

Experts have long warned that AI could give hackers new tools. “AI models have made it child’s play to craft convincing phishing messages, as well as deepfake images, audio and video,” ESET noted. With these tools widely available, even attackers with limited technical skills can launch more advanced attacks.

For example, researchers at CloudSEK recently discovered that hackers can embed ransomware instructions inside documents via AI summarizers. “A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems,” they said.

These infected AI summarizers can produce dangerous instructions through invisible text tricks and repeated hidden commands, leading users to unknowingly execute malicious tasks automatically.

Ransomware has evolved into a major cybersecurity threat, often used by both criminals and advanced hacking groups. The discovery of PromptLock indicates that AI systems could enhance these ransomware attacks by automating file scanning and data theft and by adjusting tactics in real time.

While PromptLock may not yet be in active use, researchers say it highlights a future of cyberattacks powered by artificial intelligence.

Fake IT Support Scams Spread On Microsoft Teams

Image by fptsmartcloud, from Pxhere

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

New reports show how hackers are targeting Microsoft Teams, a platform used as a daily communication tool for millions of employees.

In a rush? Here are the quick facts:

  • Fake IT support accounts trick users into installing remote access tools.
  • Malware steals passwords, ensures persistence, and can crash systems.
  • Attacks are linked to groups like EncryptHub and Water Gamayun.

Instead of relying only on email scams, cybercriminals have turned to Teams because it provides them with an ideal environment to trick people into giving them access.

“In recent months, we have observed a growing number of campaigns abusing Microsoft Teams to deliver malicious payloads,” said researchers at Permiso. The attacks usually begin with a direct message or call from what looks like an IT support person. These fake accounts often carry names such as IT SUPPORT or Help Desk to look convincing. Some even copy the style of legitimate accounts to make themselves appear official.

“Since its release in early 2017, Microsoft Teams has been widely adopted,” and because people trust the platform, they’re less suspicious. That trust is exactly what hackers are taking advantage of.

The scam is fairly simple. After getting in touch with the victim, the attackers pretend to provide assistance with technical difficulties. The attacker then demands that the victim download remote access software through QuickAssist or AnyDesk. As the victim grants permission, the attackers obtain complete control of the. Finally, malware is installed.
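The sequence described above, a message from an account posing as IT support followed by the recipient launching a remote access tool, can be detected by correlating chat and process telemetry. The sketch below is an added example, not code from Permiso or from the article; the event fields, the 30-minute window, the executable names and the sample events are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumptions (not from the article): event field names, the 30-minute
# window, and the executable names used for Quick Assist and AnyDesk.
HELPDESK_NAME = re.compile(r"\b(it\s*support|help\s*desk)\b", re.I)
REMOTE_TOOLS = {"quickassist.exe", "anydesk.exe"}
WINDOW = timedelta(minutes=30)

# Constructed sample events.
CHAT_EVENTS = [
    {"time": "2025-01-10T09:02:00", "recipient": "alice",
     "sender_name": "IT SUPPORT", "sender_external": True},
    {"time": "2025-01-10T09:05:00", "recipient": "bob",
     "sender_name": "Help Desk", "sender_external": False},  # real internal desk
    {"time": "2025-01-10T11:00:00", "recipient": "carol",
     "sender_name": "Help Desk", "sender_external": True},
]
PROCESS_EVENTS = [
    {"time": "2025-01-10T09:09:30", "user": "alice", "image": "QuickAssist.exe"},
    {"time": "2025-01-10T09:10:00", "user": "bob", "image": "AnyDesk.exe"},
    {"time": "2025-01-10T15:45:00", "user": "carol", "image": "AnyDesk.exe"},
]

def suspicious_chats(chats):
    """External senders whose display name imitates an IT support desk."""
    return [c for c in chats
            if c["sender_external"] and HELPDESK_NAME.search(c["sender_name"])]

def correlate(chats, processes, window=WINDOW):
    """Pair each suspicious chat with remote access tool launches by the
    recipient that start within `window` after the message."""
    findings = []
    for chat in suspicious_chats(chats):
        start = datetime.fromisoformat(chat["time"])
        for proc in processes:
            delay = datetime.fromisoformat(proc["time"]) - start
            if (proc["user"] == chat["recipient"]
                    and proc["image"].lower() in REMOTE_TOOLS
                    and timedelta(0) <= delay <= window):
                findings.append({"user": proc["user"], "tool": proc["image"],
                                 "sender": chat["sender_name"],
                                 "delay_s": int(delay.total_seconds())})
    return findings

if __name__ == "__main__":
    for finding in correlate(CHAT_EVENTS, PROCESS_EVENTS):
        print(finding)
```

Only the first chat produces a finding: the second sender is internal, and the third is followed by a tool launch well outside the window.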

The researchers point out how this malicious software can do serious damage. Specifically, the malware enables password theft, grants hidden access to the computer, and even crashes the entire system if defenders try to stop it. After gaining entry, the hackers can also deploy ransomware or other tools to lock systems and demand payment.

The group behind these campaigns has been linked to dangerous malware families such as DarkGate and Matanbuchus. Security experts track them under names like EncryptHub, LARVA-208, or Water Gamayun. Their main targets are English-speaking IT staff, software developers, and people working in the Web3 space.

Experts say these scams are so effective because of the “appearance of authority” and the “familiarity of the platform.” Put simply, users tend to trust messages within Teams because of their familiarity with the platform, which hackers use to their advantage.