You’ve likely heard about ransomware for years — that type of malware that “kidnaps” a company’s or individual’s files, encrypts them, and demands payment for their release. Nothing new there. What’s radically changing now is this: you no longer need a team of expert programmers writing malicious code. With Promptlock, ransomware is now generated and adapted autonomously using artificial intelligence.
At TecnetOne, we break down how this new threat works, why it’s so dangerous, and what you should do to protect your business.
What Is Promptlock and Why Is It Different?
Unlike traditional ransomware built with prewritten code, Promptlock functions like a generative AI. Instead of executing a static script, it dynamically creates malicious code depending on the system it infiltrates.
Whether your organization runs Windows, Linux, or macOS, this malware can automatically craft instructions to adapt to your environment. Regardless of the infrastructure, Promptlock finds a way to exploit weaknesses and achieve its goal.
Written in Golang, a versatile programming language, Promptlock uses 128-bit encryption to lock files. But what’s even more alarming is its ability to copy and exfiltrate data before encrypting it — so not only do you risk losing access to your data, but also having it leaked or sold on the dark web.
How Promptlock Attacks Step by Step
The infection flow is unlike anything we've seen:
- Initial Access: Like most malware, Promptlock enters through phishing emails, malicious downloads, or via a vulnerable third-party vendor.
- Dynamic Adaptation: Promptlock activates its AI engine to analyze the victim's OS and environment. It then generates malicious scripts in real time to suit that system, a huge leap in malware sophistication.
- Execution: Depending on the attacker's settings, it may steal data, encrypt files, or even destroy them (though this last function is reportedly inactive for now).
- Ransom Demand: A ransom note is displayed, demanding payment to regain access to the locked files.
Because the malware is dynamically generated, it’s significantly harder to detect using traditional antivirus solutions.
Why Is It So Hard to Detect?
Most cybersecurity tools rely on signatures (known patterns or code snippets) to flag ransomware. Promptlock changes that game entirely. It rewrites itself with every infection, producing virtually endless variations.
ESET researchers discovered the first instances of this malware and submitted them to platforms like VirusTotal. While still categorized as a proof of concept, the threat is very real — any malicious actor with access to generative AI can now launch their own customized variant.
AI: A Double-Edged Sword
Generative AI has brought enormous benefits in productivity, creativity, and automation. But in the wrong hands, it becomes a devastating weapon.
Promptlock exemplifies this: an AI that creates, adapts, and executes malicious code without human programming. This lowers the barrier to entry for cybercriminals and enables even low-skilled attackers to launch complex campaigns.
What Risks Does It Pose to Your Business?
Whether you're a small business or a large enterprise, the risks are serious:
- Data loss: Your critical files may become inaccessible.
- Data leaks: Stolen information may be sold or leaked online, harming your clients, employees, or partners.
- Financial impact: Paying the ransom doesn’t guarantee recovery — and downtime costs money.
- Legal implications: Mishandling personal data could lead to regulatory penalties.
- Reputational damage: Lost trust can be more costly than any fine.
What Promptlock Teaches Us About the Future of Ransomware
Promptlock signals a paradigm shift in cybercrime. Attacks are no longer launched with static malware — instead, they're powered by AI-driven tools that adapt in real time.
This means that defenses must also evolve. Antivirus software alone is not enough. Companies now need integrated strategies, including:
- Continuous monitoring
- Behavior-based detection (not just signature-based)
- Rapid incident response
- Immutable backups
- Staff training to recognize social engineering traps
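As an added example (not code from ESET, TecnetOne or Promptlock itself), the Python below contrasts the signature check described under "Why Is It So Hard to Detect?" with the behavior-based detection listed above: two processes run differently hashed scripts but behave identically, and a benign editor rewrites the same files with plain text. The event format, hash labels, paths and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted output approaches 8.0, plain text sits far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def signature_hits(events, blocklist):
    """Signature-style check: flag processes whose script hash is already known."""
    return {e["pid"] for e in events if e["script_hash"] in blocklist}

def behaviour_hits(events, min_files=5, entropy_floor=7.5):
    """Flag processes that overwrite many files they just read with
    high-entropy data, and note whether data left the host first."""
    reads, rewrites, sent, exfil_first = defaultdict(set), defaultdict(set), set(), {}
    for e in events:  # events are assumed to be in time order
        pid = e["pid"]
        if e["op"] == "read":
            reads[pid].add(e["path"])
        elif e["op"] == "net_send":
            sent.add(pid)
        elif (e["op"] == "write" and e["path"] in reads[pid]
              and shannon_entropy(e["data"]) >= entropy_floor):
            exfil_first.setdefault(pid, pid in sent)
            rewrites[pid].add(e["path"])
    return {pid: {"files": len(f), "exfil_before_encrypt": exfil_first[pid]}
            for pid, f in rewrites.items() if len(f) >= min_files}

def trace(pid, script_hash, payload, exfil):
    """Build constructed telemetry for one process touching six documents."""
    paths = [f"/home/user/docs/file{i}.txt" for i in range(6)]
    ev = lambda op, path="", data=b"": {"pid": pid, "script_hash": script_hash,
                                         "op": op, "path": path, "data": data}
    out = [ev("read", p) for p in paths]
    out += [ev("net_send")] if exfil else []
    return out + [ev("write", p, payload) for p in paths]

CIPHERTEXT_LIKE = bytes(range(256)) * 4                    # constructed, entropy 8.0
PLAINTEXT = b"Quarterly report draft, revision 3.\n" * 30  # constructed
EVENTS = (trace(101, "constructed-hash-1", CIPHERTEXT_LIKE, exfil=True)    # known variant
          + trace(202, "constructed-hash-2", CIPHERTEXT_LIKE, exfil=True)  # fresh variant
          + trace(303, "constructed-hash-3", PLAINTEXT, exfil=False))      # benign editor
BLOCKLIST = {"constructed-hash-1"}

if __name__ == "__main__":
    print("signature:", signature_hits(EVENTS, BLOCKLIST))
    print("behaviour:", behaviour_hits(EVENTS))
```

Only the previously seen hash trips the signature check, while the behaviour rule flags both encrypting processes and leaves the editor alone.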
Expert Recommendations Against Promptlock
ESET researchers and cybersecurity experts suggest the following:
- Only download software from trusted sources. Avoid pirated tools or unofficial sites.
- Keep your systems and software updated. Most ransomware exploits known, unpatched vulnerabilities.
- Review app permissions carefully. Be skeptical of apps asking for excessive access.
- Use multi-factor authentication (MFA). It’s not a silver bullet, but it raises the bar for attackers.
- Have a response plan. This is where TecnetOne can make a difference.
Why Incident Response Matters
At TecnetOne, we know no system is 100% immune. That’s why having a strong incident response service is essential. Our approach includes:
- Fast intrusion detection
- Attack containment
- Ejection of the attacker
- Secure recovery
- Post-incident analysis to prevent recurrence
Conclusion
Promptlock is proof that cybersecurity has entered a new era — one where AI doesn’t just protect, it attacks. Its speed and adaptability make it a real threat for organizations of all sizes.
What once sounded like science fiction is now reality: malware that writes and rewrites itself to stay undetected.
The question is no longer if your company will be attacked — it’s when. And when it happens, how prepared will you be?
At TecnetOne, we help you prepare, respond, and recover — without paying the price of ransom. Let’s talk.