The Reveal Platform
Intel Name: Promptlock poc ransomware: lessons and key takeaways
Date of Scan: November 28, 2025
Impact: High
Summary: In August 2025, researchers discovered a proof-of-concept ransomware named PromptLock, created as part of an academic study on orchestrating ransomware-style attacks with large language models (LLMs). The sample uses a locally hosted LLM—calling a gpt-oss:20b model via the Ollama API—to dynamically generate and execute malicious Lua scripts capable of file enumeration, selective exfiltration, and cross-platform actions. Although only a POC, it demonstrates how local LLMs can make ransomware more adaptive, unpredictable, and easier for threat actors to develop. For defenders, this highlights the need to treat model runtimes as critical assets by tightening API and file permissions and monitoring for unusual script activity. Ollama, which allows users to download and run various LLMs locally, poses additional challenges because organizations often lack visibility into prompts, outputs, or whether downloaded models are tampered with. This uncontrolled adoption of local LLM tools expands the attack surface and increases the risk of exploitation as employees experiment with emerging AI technologies. CVE ID : CVE-2025-6218, CVE-2025-8088
