AI Agent Pulls Off a Ransomware Attack Without Human Help | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


Agentic AI
,
Fraud Management & Cybercrime
,
Ransomware

Researchers Say the Attack Combined AI Decision-Making With Known Software Flaws

Image: Magnific

An autonomous artificial intelligence agent has carried out what researchers describe as the first agentic ransomware attack, exploiting vulnerabilities, stealing credentials and encrypting a production database without human intervention.

See Also: Know Thy Enemy: Threats to Cyber Resilience

Cloud security firm Sysdig attributed it to a threat actor it tracks as Jadepuffer. Researchers said the incident shows that large language models can autonomously execute a full ransomware life cycle, including reconnaissance, credential theft, lateral movement, privilege escalation and data encryption.

The findings come as the cybersecurity agencies of the Five Eyes alliance warn that advances in AI are accelerating the speed, scale and sophistication of cyberthreats. “The timeline is not years; it is months,” the agencies said in a joint statement in June.

The intrusion began with the exploitation of CVE-2025-3248, a critical authentication bypass vulnerability in Langflow’s code validation endpoint. Langflow is an open-source framework used to build AI applications and agent workflows. The flaw enables unauthenticated remote code execution on exposed servers and was added to CISA’s Known Exploited Vulnerabilities catalog in May.

After gaining access, Jadepuffer searched the compromised environment for cloud credentials, API keys, cryptocurrency wallets, configuration files and database secrets. It dumped Langflow’s PostgreSQL database to harvest stored credentials, scanned internal networks and accessed an exposed MinIO object storage service using default credentials. Researchers said the agent also established persistence by deploying a cron job that beaconed to attacker-controlled infrastructure every 30 minutes.

Using the harvested credentials, the AI agent moved to a separate, internet-exposed production server running MySQL and Alibaba’s Nacos configuration platform. It exploited CVE-2021-29441, abused Nacos’ default JWT signing key and injected a backdoor administrator account into the platform’s database before launching the extortion phase.

The ransomware encrypted 1,342 Nacos configuration records using MySQL’s built-in encryption functions, deleted the original tables and replaced them with a ransom note demanding payment in Bitcoin.

Sysdig said the AI agent adapted when an attempt to create an administrator account failed, diagnosing the error and generating a working alternative within 31 seconds. Researchers also identified hundreds of payloads containing natural-language reasoning and self-generated annotations explaining the agent’s decisions.

The attack did not rely on zero-day vulnerabilities or novel techniques. Instead, it combined known vulnerabilities, exposed services, default credentials and publicly documented weaknesses into an automated intrusion chain.

Sysdig said it found no evidence that the attackers retained a decryption key or backup of the encrypted data, suggesting victims would be unable to recover their information even if they paid the ransom.



——————————————————–


Click Here For The Original Source.

.........................

National Cyber Security

FREE
VIEW