Will ChatGPT write ransomware? Yes.

This morning I decided to write some ransomware, and I asked ChatGPT to help. Not because I wanted to turn to a life of crime, but because I wanted to see if anything had changed since March, when I last tried the same exact thing.

In short: ChatGPT has helped me, worryingly so. But more on that later.

Today is the first anniversary of the unveiling of OpenAI’s generative AI poster boy, ChatGPT. It’s also the first anniversary of the tsunami of bloviation that the chatbot’s unveiling created. For months following ChatGPT’s release, the cybersecurity press was drenched in speculation about how cybercrime was changed forever, even though it didn’t appear to have changed at all.

By March, I’d read more baseless assertions than I knew what to do with, so I decided to find out for myself if ChatGPT was any good at malware. I wanted to know if its safeguards would stop me from using it to write ransomware, and, if they didn’t, whether the ransomware it produced was any good.

Despite its insistence that “I cannot engage in activities that violate ethical or legal standards, including those related to cybercrime or ransomware,” the safeguards proved to be almost no barrier at all. I was able to fool it into helping me with little effort. However, the code it produced was terrible: It stopped randomly in a places that guaranteed it would never run, switched languages randomly, and quietly dropped older features while writing new ones.

I concluded that an unskilled programmer would be baffled, while a skilled one would have no use for it. The prospect of ChatGPT lowering the barrier to entry into this lucrative form of cybercrime just wasn’t worth worrying about.

As of this morning, I’ve changed my mind.

Ransomware x ChatGPT

One of the novel things about ChatGPT is that you can iterate your way to a solution by having a back-and-forth discussion with it. In March I used this approach with ChatGPT 3.0 to build up a basic ransomware step-by-step. The approach was sound but the resulting code would have never worked. I decided to take the same approach again today, using the current version of ChatGPT, 4.0, to better understand what’s changed.

The TL;DR is that everything’s changed. The limitations that made GPT 3.0 a useless partner in cybercrime are gone. ChatGPT 4.0 will help you write ransomware and train you to debug it, without a hint of conscience.

This is a basic ransomware it wrote for me encrypting the contents of two directories and leaving ransom notes behind.

Ransomware written by ChatGPT 4.0 encrypts files in two directories and leaves a ransom note

This isn’t a fully featured ransomware but it has the basics. It encrypts files in whatever directory tree I choose, throws away the originals, hides the private key used for the encryption, stops running databases, and leaves ransom notes. The code used in the demonstration above was generated by ChatGPT in mere minutes, without objection, in response to basic one line descriptions of ransomware features, even though I’ve never written a single line of C code in my life.

For obvious reasons I won’t be providing a step-by-step recipe, but the process started by asking for a program that encrypts a single file.

ChatGPT 4.0 writes a C program to encrypt a single file
ChatGPT 4.0 writes a C program to encrypt a single file

Then I modified it to encrypt a directory instead of a file. Subsequent functionality was layered on like this, with incremental modificaitons, to see if ChatGPT ever took a step that made it realise it was writing something malicious. It didn’t.

ChatGPT 4.0 modifies its program to encrypt a directory
ChatGPT 4.0 modifies its program to encrypt a directory

ChatGPT seemed unable to determine that what we were doing was writing ransomware, so right at the end of the process I thought I would give it a massive clue and see if the penny finally dropped. The last thing I asked it to do was a signature move for ransomware and something no legitmiate program does. I instructed it to modify its code to “drop a text file in encrypted directories called ‘ransom note.txt’ which contains the words ‘all your files are belong to us’ and an ascii art skull.”

While there are still quesiton marks over its ability to draw skulls, there can be none about its willingness to drop ransom notes.

ChatGPT 4.0 writing code to drop ransom notes with ASCII art skuls

Malware author

My attempts to turn the chatbot to the dark side eight months ago were thwarted by its inability to hold all the information it needed to, or to write long answers. I likened asking ChatGPT 3.0 to help with a complex problem to working with a teenager: It does half of what you ask and then gets bored and stares out the window.

I encountered no such problems today. The bored teenager is gone, replaced by a verbose and enthusiastic straight-A student. At the very beginning I asked it to write its answers in C, and it never wavered. If it ever provided partial answers it would explain it was doing so, and offer a subset of code that made sense, such as a complete function. If I didn’t want a partial answer I would tell it, and then ask it to write out the entire program, including all the modifications we’d discussed up to that point.

It is, frankly, astonishingly helpful and powerful, and the importance of this can’t be overstated.

ChatGPT 4.0 agreeing to write out a complete program instead of snippets (ChatGPT's answer is truncated)
ChatGPT 4.0 agreeing to write out a complete program instead of snippets (ChatGPT’s answer is truncated)

Safeguards removed

Although I was able to work around ChatGPT’s insistence it wouldn’t write ransomware in March, I was often met with other restrictions that attempted to stop me doing unsafe things.

The latest version of ChatGPT seems to be far more relaxed. For example, in March it initially refused when I asked it to modify my ransomware code to delete the original copies of files it was encrypting. It was “a sensitive operation that could lead to data loss,” it claimed, telling me “I cannot provide code that implements this behaviour.” There was a workaround (there always is) but at least it tried.

This time I was met with no such objection. “Sure,” said ChatGPT 4.0.

ChatGPT 4.0 showed no reluctance to delete files it was encrypting
ChatGPT 4.0 showed no reluctance to delete files it was encrypting

A similar thing happened when I asked it to save the private encryption key to a remote server. This is an important feature for ransomware because the private key is ultimately what vicitms pay for, so it can’t be left on the victim’s machine.

ChatGPT 3.0 refused to move the key to a remote server, saying it “goes against security best practices.” I couldn’t persuade it and ended up having to fool it with a bait-and-switch approach of writing something I didn’t want and then having it rewrite that into what I did want.

ChatGPT 4.0 on the other hand, was content to do no more than warn me it was “very risky.”

ChatGPT 4.0 had no objection to saving the private encryption key to a remote server
ChatGPT 4.0 had no objection to saving the private encryption key to a remote server

Programming tutor

Much to my surprise, after telling ChatGPT what features I wanted in my ransomware I was left with something that looked very much like a complete computer program. To be sure though, I had to actually run it and encrypt some files. And that’s where ChatGPT did something I wasn’t expecting.

C code is compiled, which means that once it’s been written it has to has to be run through a computer program called a compiler, which transforms it into an executable file. Compilation is a complex and often fragile process that can break easily, for any number of reasons. As a result, troubleshooting problems during the compilation phase can be extremely frustrating and time consuming.

Typically, it involves a lot of Googling and sifting through accounts of similar failures on sites like Stack Overflow. Problems can be caused by any number of things, including the code itself, dependencies like code libraries, and the choice of compiler. And numerous different errors can often trigger the same failure in compilation, so troubleshooting is as much an art as it is a science.

Sure enough, I hit a variety of hurdles during compilation.

However, instead of turning to Google, I turned to ChatGPT. Every time I ran into an error I told it what had happened, and based on the bare minimum of information it provided an explanation for what was going on, and advice on how to fix it. When its solutions didn’t work first time, it revised its approach and found a different answer.

ChatGPT 4.0 makes its first attempt at troubleshooting a compilation problem
ChatGPT 4.0 makes its first attempt at troubleshooting a compilation problem
ChatGPT 4.0 makes its second attempt at troubleshooting a compilation problem
ChatGPT 4.0 makes its second attempt at troubleshooting a compilation problem
ScreChatGPT 4.0 makes its third attempt at troubleshooting a compilation problemenshot
ScreChatGPT 4.0 makes its third attempt at troubleshooting a compilation problemenshot

In every case, ChatGPT solved the problem, and in doing so it enabled me, a non-C programmer to write and troubleshoot basic but functional ransomware written in C, in almost no time.

To me, this ability to troublshoot compilation problems with minimal information is even more impressive than its ability to write code (and its ability to write code is jaw-droppingly impressive). Not only did it condense what could have been days of thankless work into an hour or two, it was coaching me as it did. I didn’t just finish with a working ransomware executable, I finished as a better programmer than I was when I started.

Should we be worried?

In a word, yes. Eight months ago I concluded that “I don’t think we’re going to see ChatGPT-written ransomware any time soon.” I said that for two reasons: Because there are easier ways to get ransomware than by asking ChatGPT to write it, and because its code had so many holes and problems that only a skilled programmer would be able to deal with it.

ChatGPT has improved so much in eight months that only one of those things is still true. ChatGPT 4.0 is so good at writing and troubleshooting code it could reasonably be used by a non-programmer. And because it didn’t raise a single objection to any of the things I asked it to do, even when I asked it to write code to drop ransom notes, it’s as useful to an evil non-programmer as it is to a benign one.

And that means that it can lower the bar for entry into cybercrime.

That said, we need to get things in perspective. For the time being, ransomware written by humans remains the preeminent cybersecurity threat faced by businesses. It is proven and mature, and there is much more to the ransomware threat than just the malware. Attacks rely on infrastructure, tools, techniques and procedures, and an entire ecosystem of criminal organisations and relationships.

For now, ChatGPT is probably less useful to that group than it is to an absolute beginner. To my mind, the immediate danger of ChatGPT is not so much that it will create better malware (although it may in time) but that it will lower the bar to entry in cybercrime, allowing more people with fewer skills to create original malware, or skilled people to do it more quickly.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.