{"id":377860,"date":"2025-08-27T14:42:12","date_gmt":"2025-08-27T14:42:12","guid":{"rendered":"https:\/\/www.europesays.com\/uk\/377860\/"},"modified":"2025-08-27T14:42:12","modified_gmt":"2025-08-27T14:42:12","slug":"the-era-of-ai-generated-ransomware-has-arrived","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/uk\/377860\/","title":{"rendered":"The Era of AI-Generated Ransomware Has Arrived"},"content":{"rendered":"<p class=\"paywall\">While such activity so far does not appear to be the norm across the ransomware ecosystem, the findings represent a stark warning.<\/p>\n<p class=\"paywall\">\u201cThere are definitely some groups that are using AI to aid with the development of ransomware and malware modules, but as far as Recorded Future can tell, most aren\u2019t,\u201d says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. \u201cWhere we do see more AI being used widely is in initial access.\u201d<\/p>\n<p class=\"paywall\">Separately, researchers at the cybersecurity company ESET this week <a data-offer-url=\"https:\/\/bsky.app\/profile\/esetresearch.bsky.social\/post\/3lxctuaf4222t\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/bsky.app\/profile\/esetresearch.bsky.social\/post\/3lxctuaf4222t&quot;}\" href=\"https:\/\/bsky.app\/profile\/esetresearch.bsky.social\/post\/3lxctuaf4222t\" rel=\"nofollow noopener\" target=\"_blank\">claimed<\/a> to have discovered the \u201cfirst known AI-powered ransomware,\u201d dubbed PromptLock. The researchers say the malware, which largely runs locally on a machine and uses an open source AI model from OpenAI, can \u201cgenerate malicious Lua scripts on the fly\u201d and uses these to inspect files the hackers may be targeting, steal data, and deploy encryption. 
ESET believes the code is a proof-of-concept that has seemingly not been deployed against victims, but the researchers emphasize that it illustrates how cybercriminals are starting to use LLMs as part of their toolsets.<\/p>\n<p class=\"paywall\">\u201cDeploying AI-assisted ransomware presents certain challenges, primarily due to the large size of AI models and their high computational requirements. However, it\u2019s possible that cybercriminals will find ways to bypass these limitations,\u201d ESET malware researchers Anton Cherepanov and Peter Strycek, who discovered the new ransomware, wrote in an email to WIRED. \u201cAs for development, it is almost certain that threat actors are actively exploring this area, and we are likely to see more attempts to create increasingly sophisticated threats.\u201d<\/p>\n<p class=\"paywall\">Although PromptLock hasn\u2019t been used in the real world, Anthropic\u2019s findings further underscore the speed with which cybercriminals are moving to build LLMs into their operations and infrastructure. The AI company also spotted another cybercriminal group, which it tracks as GTG-2002, using Claude Code to automatically find targets to attack, gain access to victim networks, develop malware, and then exfiltrate data, analyze what had been stolen, and develop a ransom note.<\/p>\n<p class=\"paywall\">In the last month, this attack impacted \u201cat least\u201d 17 organizations in government, health care, emergency services, and religious institutions, Anthropic says, without naming any of the organizations impacted. 
\u201cThe operation demonstrates a concerning evolution in AI-assisted cybercrime,\u201d Anthropic\u2019s researchers wrote in their report, \u201cwhere AI serves as both a technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"While such activity so far does not appear to be the norm across the ransomware ecosystem, the findings&hellip;\n","protected":false},"author":2,"featured_media":377861,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3163],"tags":[323,28396,1942,3457,15986,31867,811,53,16,15],"class_list":{"0":"post-377860","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence","8":"tag-ai","9":"tag-anthropic","10":"tag-artificial-intelligence","11":"tag-cybersecurity","12":"tag-hacking","13":"tag-ransomware","14":"tag-security","15":"tag-technology","16":"tag-uk","17":"tag-united-kingdom"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@uk\/115101259815436912","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/377860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/comments?post=377860"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/377860\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media\/377861"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/
uk\/wp-json\/wp\/v2\/media?parent=377860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/categories?post=377860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/tags?post=377860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}