AI Used in Ransomware Attack

Researchers have found what they believe is the first ransomware attack carried out from start to finish by an AI agent. An operator they dubbed “Jadepuffer” used an LLM to handle most of the attack sequence, including gaining access, stealing credentials, moving laterally, and finally encrypting the victim’s production database. The initial attack vector was the exploitation of a known missing-authentication vulnerability, CVE-2025-3248, in Langflow, an open-source tool for building AI apps and agent workflows.

Once inside, the agent moved quickly and cleaned up after itself. It mapped the machine, then searched it for secrets: API keys for AI services such as OpenAI, Anthropic, DeepSeek, and Gemini; cloud credentials for Chinese providers such as Alibaba and Tencent, alongside AWS, Google, and Azure; crypto wallet keys; and database logins. It then pivoted to a separate, internet-facing server running a MySQL database and Alibaba’s Nacos, a configuration and service directory common in microservices environments. The threat actor logged into the database as root. They then encrypted all 1,342 Nacos settings, dropped the original tables, and left a ransom note demanding Bitcoin with a Proton Mail contact. The threat actor generated a random encryption key, printed it to the screen once, and never saved or sent it anywhere, essentially making it impossible to decrypt the impacted data.

The clearest sign that the attack involved the use of AI was the code itself. The attack payloads were full of plain-English notes explaining why each step was being taken: a running commentary that a human hacker would likely never bother to write, but that a model may produce by default. The attacker also responded very quickly to problems as they arose. In one case, it went from a failed login to a correct, multi-step fix in 31 seconds, diagnosing the exact cause instead of blindly retrying, suggesting that an AI agent may have been involved. [1]

Assessment

There is not enough information to determine whether this attack was indeed conducted solely by an AI agent, as the researchers claim, or whether it was carried out by a human operator using an AI tool and evaluating each step before issuing new instructions to the AI. The attack did not display any particular sophistication; quite the opposite. The vulnerability exploited was over a year old, and the ransomware encryption was poorly implemented, meaning the victim would not have been able to recover the files even if they had paid the ransom. This is a critical mistake for a serious ransomware operator.

Using AI to automate part or all of the attack chain is also more of an evolution than a revolution in ransomware. Some ransomware groups that specialize in attacking smaller victims used scripts to automate their attacks long before AI became widely used. The smaller the environment, the easier it is to automate attack sequences. The cybercriminals’ business model relies on a large volume of victims and can remain profitable even if many attacks fail. Nevertheless, the attack shows how the use of AI can lead to faster, if still unsophisticated, attacks that give victims less time to react.

References

[1] https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion
