Meet JadePuffer: The Ransomware That Fired Its Human Boss

Meet JadePuffer: The Ransomware That Fired Its Human Boss

Ransomware gangs used to need a whole org chart: a hacker for initial access, another for lateral movement, a "big game hunter" to find the juicy database, and someone to write the ransom note in passable English. JadePuffer skipped all of that. It just hired an AI, gave it a to-do list, and went to get coffee.

The Bot That Ransomed a Database By Itself

Sysdig's Threat Research Team says it caught what looks like the first fully agentic ransomware operation ever documented in the wild: JADEPUFFER, an attack chain run end-to-end by a large language model rather than a human operator clicking through Cobalt Strike. The AI broke in through a known flaw (CVE-2025-3248) in an exposed Langflow instance, then handled its own reconnaissance, credential theft, lateral movement, privilege escalation, and encryption — no human babysitting required.

The tell wasn't just the speed, it was the chattiness. The payloads were stuffed with plain-English commentary explaining the AI's own reasoning — ranking targets by ROI, flagging the "largest" database as the prize — the kind of narration a human attacker would never bother typing into a disposable Python script, but that LLMs generate by habit. When a login attempt failed, the agent diagnosed and fixed it in 31 seconds flat.

No Backup Key, No Negotiating, No Humans Involved

This matters because it lowers the floor, not the ceiling. You no longer need a skilled crew to run a five-stage intrusion — you need one dataset and an agent willing to freelance. JadePuffer encrypted 1,342 Nacos service configuration items and deleted the originals, standard extortion playbook stuff. Except in a twist that would make a screenwriter roll their eyes, the AES encryption key was generated, printed to the terminal, and then never saved or transmitted anywhere — meaning even a victim who pays up has no way to get their data back.

Whether that was a bug in the agent's plan or just the inherent risk of putting an LLM in charge of key management, it's the most 2026 sentence imaginable: the ransomware's own competence killed its business model.

Good news: the AI messed up its own extortion scheme. Bad news: the next one might not.

Source: Sysdig