Do you remember the time when cyberattacks were limited to well-known and predictable viruses? Now imagine a world where each attack is unique, capable of evolving and learning from its mistakes. It is into this near future that we are propelled by the arrival of AI-powered ransomware. What does the year 2026 hold for us in terms of cyber threats?
The 3 must-know facts
- The PromptLock ransomware uses a language model to generate malicious scripts in real-time.
- PromptLock adapts and modifies its attacks based on encountered errors.
- This technology heralds a new generation of ransomware capable of bypassing traditional security systems.
A new generation of ransomware
The ESET Threat Report H2 2025 highlights PromptLock, a ransomware that stands out for its use of artificial intelligence. Unlike traditional ransomware, PromptLock does not rely on fixed code. It generates on-demand malicious scripts via a language model, making it particularly unpredictable and difficult for security systems to detect.
PromptLock operates on two levels: a static main module in Go, and dynamically generated Lua scripts. These scripts are used to explore the file system, analyze data, and decide which information should be exfiltrated or encrypted. This approach allows the ransomware to quickly adapt to its attack environment.
An adaptive ransomware
What truly sets PromptLock apart is its adaptive nature. When a script fails, the ransomware sends execution logs back to the language model, which then rewrites the code taking previous errors into account. This learning capability gives PromptLock a significant advantage, making each attack unique and complicating the task for traditional security solutions that rely on signature recognition.
However, ESET specifies that PromptLock is not yet a truly autonomous threat. It still requires human intervention to choose targets and conduct extortion. Nevertheless, the use of AI reduces the time needed to customize an attack and allows for quick reactions when scripts are detected.
Implications for cybersecurity
The rise of AI ransomware raises important questions for cybersecurity. With the ransomware-as-a-service model gaining popularity, attacks are becoming increasingly sophisticated and difficult to contain. Cybercriminals are investing in technologies capable of neutralizing detection solutions before encryption, making the task of security experts more challenging.
For 2026, although the emergence of fully autonomous ransomware is unlikely, ransomware campaigns are expected to become more flexible and harder to analyze. Experts will need to adapt to this new reality where each attack is customized and each script is unique.
Background and history of ESET
ESET, founded in 1992, is a computer security company recognized for its antivirus and security solutions. Based in Bratislava, Slovakia, it has established itself as a major player in the field of cybersecurity. ESET is particularly known for its in-depth research on emerging threats and its commitment to informing the public about developments in digital security.
Over the years, ESET has developed a range of products tailored to the needs of individuals, businesses, and governments. Thanks to its expertise and ability to anticipate trends, ESET continues to be a leader in the fight against cyber threats, offering innovative solutions to protect users worldwide.