Traditional ransomware relies on static binaries and manual intervention, limiting adaptability and evading modern defenses. Method: This work introduces “Ransomware 3.0”—the first fully autonomous, LLM-driven, closed-loop ransomware threat model. Instead of embedding precompiled payloads, it injects only natural-language prompts into the binary; at runtime, an open-source LLM dynamically synthesizes polymorphic, environment-adapted malicious code for reconnaissance, payload generation, and personalized ransom negotiation—leveraging automated reasoning, context-aware decision-making, and real-time code synthesis without human involvement. Contribution/Results: We empirically validate feasibility across endpoints, enterprise systems, and embedded devices. Multi-layer telemetry analysis uncovers distinctive behavioral signatures and novel AI-enabled attack vectors. This is the first demonstration of end-to-end, autonomous planning and execution of a complete ransomware lifecycle by an LLM—providing foundational empirical evidence for AI security research and adversarial red-teaming.

Using automated reasoning, code synthesis, and contextual decision-making, we introduce a new threat that exploits large language models (LLMs) to autonomously plan, adapt, and execute the ransomware attack lifecycle. Ransomware 3.0 represents the first threat model and research prototype of LLM-orchestrated ransomware. Unlike conventional malware, the prototype only requires natural language prompts embedded in the binary; malicious code is synthesized dynamically by the LLM at runtime, yielding polymorphic variants that adapt to the execution environment. The system performs reconnaissance, payload generation, and personalized extortion, in a closed-loop attack campaign without human involvement. We evaluate this threat across personal, enterprise, and embedded environments using a phase-centric methodology that measures quantitative fidelity and qualitative coherence in each attack phase. We show that open source LLMs can generate functional ransomware components and sustain closed-loop execution across diverse environments. Finally, we present behavioral signals and multi-level telemetry of Ransomware 3.0 through a case study to motivate future development of better defenses and policy enforcements to address novel AI-enabled ransomware attacks.