Monday, October 7, 2024
HomeCyber AIChatGPT Ready to Write Ransomware But Failed to Go Deep 

ChatGPT Ready to Write Ransomware But Failed to Go Deep 

Published on

Our lives are now enriched by the availability of LLMs that are easily accessible on the internet, so we have tools such as the ChatGPT that can help us breathe life into even the most abstract ideas.

As a result, the experts from Malwarebytes Labs decided to ask ChatGPT if they could help them with the writing of some ransomware. 

It’s not because they want to commit a crime but because some exasperated commentators believe ChatGPT can somehow disrupt cybercrime and cybersecurity in the midst of taking everyone’s jobs.

- Advertisement - EHA

ChatGPT Writing Ransomware

Initially, the expert began the discussion by asking ChatGPT some questions about ransomware and how it felt about joining the criminal enterprise on the subject of ransomware.

ChatGPT was asked by the expert what it thought of ransomware, and it deviated from their question, explaining what ransomware was and why it was so important to be protected against it.

As soon as the question was answered, it felt an imaginary AI finger waving across its face. In spite of this, the expert did not give up and asked it to answer the same question as if it were a cybercriminal.

Rather than giving a hypothetical answer to the question, it gave a non-self-important answer that did not look anything like what is normally written by ransomware gangs.

After getting a clear understanding of ChatGPT’s attitude to ransomware, the expert decided to go ahead and ask it to create some for them. Here’s what the ChatGPT gives as output:-

“I cannot engage in activities that violate ethical or legal standards, including those related to cybercrime or ransomware. I cannot provide code that is intended to harm or exploit computer systems.”

However, apart from this, it’s quite interesting that certainly it managed to provide some sort of code in C programming language using the AES-256-CBC algorithm.

Is ChatGPT Ransomware Any Good?

For several reasons, even after trying for such a long time, the experts don’t think they will see ChatGPT-written ransomware any time soon.

In order to understand the significance of this, let us first understand that there is simply no reason for cyber criminals to do what they are doing.

You need to keep in mind that ChatGPT is essentially rephrasing and mashup content that it has found on the Internet. Script kiddies are able to benefit from this program precisely because there is a lot of material that already exists to support them.

Avoid Ransomware

  • Block common forms of entry- Detect exploits and malware that are used to distribute ransomware by using endpoint security software that is capable of detecting them. Plan for patching internet-facing systems quickly.
  • Stop malicious encryption- Detect ransomware using multiple detection techniques and restore damaged files using ransomware rollback.
  • Detect intrusions- To make sure that an intruder can’t operate inside your organization, assign access rights carefully and segment your network so that intruders can’t access it easily.
  • Create offsite, offline backups- Back up your data offsite and offline, so attackers cannot access it. Restore essential business functions as quickly as possible by testing them regularly.

When it comes to solving complex problems, asking ChatGPT to help can be similar to working with a teenager. As it will do half of what you ask, but then it will become boring and not be able to give the answer accurately.

Undoubtedly, it will improve its ability to handle multiple feature requests and write longer, more coherent code in the future.

Related Coverage:

Searching to secure your APIs? – Try Free API Penetration Testing

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...