Look Around the Corner...And Be Ready
In the last few weeks we’ve seen some different trends emerging in the malware space. We’ve seen PromptLock, a proof-of-concept that runs a local AI model to spit out one-off Lua scripts for discovery, exfil, and encryption; and Storm-0501’s pivot away from on-endpoint encryptors to cloud-based impact. We’re seeing less malware to catch, more behavior to prove and contain.
I put this together to help you look around the corner and think about what’s next, what the trend is, why it’s happening, exactly how the newer tradecraft works, and what to do now— steps that hold up in an audit and a press conference.
What the Trend Actually Is
We’re sliding from the “brick through the window” era of fat, reusable encryptors into ephemeral, AI-assisted operations that leave fewer durable artifacts:
- AI in the loop, locally. PromptLock doesn’t call a cloud API—it launches a local LLM and generates a fresh script per run. That breaks hash/YARA expectations and dodges cloud AI logging. ESET Research
- Impact moves up-stack. Storm-0501 shows how crews can get paid without ever dropping a classic encryptor: compromise identities, flip storage retention/immutability, tamper with keys, and create pressure from the cloud control plane. Microsoft Research
- “Encryptor-less” is mainstream. Campaigns like ShrinkLocker use BitLocker itself to lock systems—your OS does the work; the custom malware footprint is tiny. Kaspersky Research
Why this matters: when artifacts evaporate, your advantage shifts from “did we catch the file?” to “how fast can we see the move and recover?”
How We Got Here (And Why AI Shows Up Now)
Let’s be candid about cause and effect. We created this situation but it was also inevitable.
What Worked and Pushed Attackers Sideways
EDR/XDR killed a lot of commodity loaders. Email gateways throttled broad phishing. Sandbox detonation and better egress controls made C2 noisy. Defenders also learned the usual ransomware tells: VSS deletes, big write bursts, suspicious drivers. That pressure reduced ROI for traditional, on-disk encryptors.
Where the Opportunistic Gaps Remained
- Control-plane blind spots. Most programs still don’t monitor identity and storage like they monitor endpoints. That’s a gap in role assignments, snapshot/retention changes, and key-vault operations—the very knobs modern crews twist. Microsoft’s Storm-0501 write-ups are explicit about this path.
- Interpreter sprawl. PowerShell, Python—and now Lua—are already present. If an attacker can write a short script to enumerate shares and flip recovery, why ship a 5-MB binary? ShrinkLocker’s BitLocker abuse is the blueprint.
- Local AI without guardrails. Dev and research endpoints are quietly running local model servers; pair that with a small loader and you get non-deterministic code on demand with minimal forensic exhaust. (Ollama’s default listener is on localhost:11434—useful for hunts.)
Why AI Now?
Models remove two frictions: (1) the need to pre-package every step, and (2) the repetitiveness that makes static signatures work. With a local model, the malware decides and writes in situ, then throws the script away. That’s not sci-fi--it’s exactly what ESET documents in PromptLock.
What The New Tradecraft Actually Does
Local-LLM Orchestration (PromptLock Pattern)
A small Go wrapper starts or contacts a local model, emits an ephemeral .lua, runs it, then deletes it. Each run can choose different targets (enumerate certain file types, exfil first, encrypt later). Because the “brains” are local, there’s no API trail to subpoena. ESET’s analysis shows cross-platform potential (Windows/Linux, Lua works everywhere; macOS is feasible) and even a non-standard crypto choice (SPECK-128) under test—classic PoC DNA but directionally important. This information is from ESET also referenced above.
Cloud-Based Impact (Storm-0501)
Microsoft reports the actor increasingly skips the endpoint encryptor and executes impact via cloud knobs: privilege changes, storage retention/immutability reductions, snapshot deletions, and key-management actions. That’s “ransomware” measured in config deltas and data access, not a suspicious EXE on a laptop.
Encryptor-less via OS Features (ShrinkLocker)
Using BitLocker to do the encrypting, attackers remove recovery options and lock systems with almost no bespoke code left to hunt. It’s a clean example of low-artifact impact that defenders must detect by sequence, not signature. Here’s the Kaspersky link again.
One Set of Recommendations
I’m squarely in the camp, FUD (fear uncertainty and doubt) is for folks who can’t make a fact based argument. That being said you need to help your IT teams and MSSP to execute and tangible direction your auditors will recognize.
A. Work with IT on Three “What If” Scenarios (Tabletop + Drill)
- Local-LLM on a staff endpoint emits short-lived scripts (enumeration to exfil to encrypt). What do we see (signals), what do we contain, and how fast can we prove scope?
- Cloud-only impact: attacker gains elevated identity and relaxes storage immutability, deletes snapshots, tampers keys. Can we detect the chain and roll it back?
- Encryptor-less: OS BitLocker flips on critical servers. How quickly do we isolate, restore, and who authorizes recovery key workflows?
B. Hedge Toward Readiness - Controls That Work Across All Three
- Govern AI and interpreters. Default-deny local LLM servers on endpoints; exceptions live in isolated, monitored VMs. Monitor Lua/Python/PowerShell launched from user-writable paths; alert on .lua/.py that have been created, executed, then deleted in minutes.
- Elevate control-plane visibility. Treat identity and storage analytics as first-class:
- Alerts for Global Admin/Owner changes and app consent grants;
- Retention/immutability relaxations, snapshot deletes, and Key Vault disable/rotate/delete;
- Bulk copy by automation identities at odd times (AzCopy/gsutil). These are ransomware canaries in a cloud tenant.
- Design for recoverability, not promises. Keep immutable backups with locks outside tenant-admin control; maintain documented rollback for storage and key policies; and prove restores quarterly (pick a system that hurts if you lose it).
C. How to Win Support Without FUD
Lead with facts from the last two weeks (PromptLock PoC; Storm-0501 cloud tactics; St. Paul/Nevada operations) and translate them into evidence-based asks:
- “Here are the signals we’re missing today in identity/storage.”
- “Here are the drills and restore proofs we’ll run this quarter.”
- “Here’s the metric we’ll report (TtC/TtR), not a pile of blocked hashes.”
That’s proactive problem leadership: no scare slides—just a plan you can defend publicly.
ATT&CK Anchors, Early Warnings, and Detections
Anchor techniques:
- T1059 (scripting: PowerShell/Python/Lua)
- T1486 (Encrypt for Impact)
- T1490 (Inhibit System Recovery)
- T1078/T1098 (Valid Accounts/Account Manipulation; .003 Additional Cloud Roles)
- T1530 (Data from Cloud Storage)
- T1565.001 (Stored Data Manipulation)
- T1552/T1555 (Credentials)
- T1608.002 (Stage Capabilities — treat local LLM as a staged capability)
High-signal early warnings (endpoint):
High-signal early warnings (cloud):
- Global Admin/Owner spikes; app consent grants; immutability/retention relaxations; snapshot deletions; Key Vault disable/rotate/delete; sudden AzCopy/gsutil by automation identities. (Exactly the Storm-0501 path.)
ATT&CK Anchors, Early Warnings, and Detections
“Ephemeral” and “AI-native” aren’t buzzwords; they describe where the work is moving: from objects to behaviors, from endpoints to identities, policies, and data planes. You don’t need a bigger siren. You need better signals and faster proofs. Govern local AI, watch the control plane, and rehearse the rollback. When the next headline breaks, your story should be boring: we saw it, we contained it, we restored in hours.
Prepare your defenses against emerging ransomware tactics. Consult with our experts.
Don't miss another article. Subscribe to our blog now.
