Gen Z faces significant challenges regarding cybersecurity practices, according to a recent report by the consumer insights platform GWI. Despite being digital natives, only 30% of Gen Z regularly change their passwords, compared to 42% of Baby Boomers. Moreover, just 36% use antivirus software, while only 43% keep their software and devices updated. The report highlights that Gen Z is more trusting of technology, with 18% comfortable allowing artificial intelligence to act on their behalf, a stark contrast to 4% of Baby Boomers. However, a positive takeaway is that 91% of Gen Z believe training on data security should be a workplace priority. The study underscores the need for better cybersecurity habits among this generation, which often relies on automated features that create a false sense of security.
Analysts have discovered the first known ransomware strain powered by artificial intelligence, named “PromptLock,” which is currently under development. Researchers from ESET, Anton Cherepanov and Peter Strycek, reported that while the ransomware has not yet been deployed in active attacks, it utilizes an AI model to generate scripts for data exfiltration and encryption in real time. PromptLock leverages the gpt-oss:20b model from OpenAI and is written in the Go programming language. Variants for both Windows and Linux systems have been identified, and the ransomware’s Bitcoin payment address appears linked to the original creator of Bitcoin, Satoshi Nakamoto. The researchers emphasize that this new AI-driven malware presents significant challenges for cybersecurity defenses, as the variability in the indicators of compromise could complicate detection efforts.
Microsoft has issued a warning regarding a ransomware gang that has shifted its focus to stealing data stored in the cloud and locking companies out of their own systems. The threat actor, known as Storm-0501, has been conducting attacks since 2021, initially targeting on-premises environments but now employing cloud-based tactics to exfiltrate large volumes of data while destroying backups. In a recent campaign, Storm-0501 successfully infiltrated a large enterprise with varying security measures by exploiting accounts without multi-factor authentication. After gaining access, the hacker created a backdoor to the company’s cloud network, exfiltrated sensitive data, and attempted to delete Azure resources, ultimately demanding a ransom via Microsoft Teams. This shift in tactics reflects a broader trend among ransomware gangs increasingly targeting cloud data, with several high-profile breaches reported over the past year.
Why do we care?
So here’s a trifecta of cyber risks. Gen Z—the so-called digital natives? Turns out they’re worse at basic security than Boomers. They trust tech too much and don’t patch or change passwords. Sure, they say they want training, but unless policies back that up, it’s window dressing.
Then there’s PromptLock—AI-powered ransomware. It’s not live yet, but it shows what’s coming. Malware that writes itself on the fly, making signature-based AV basically useless. If your stack is still relying on that alone, you’re already behind.
And Microsoft just flagged Storm-0501, a crew now going after cloud data. They skip the servers and go straight for SaaS, exploiting accounts without MFA. They exfiltrate data, delete backups, and demand ransom right through Teams.
Cloud, identity, and human behavior are the front lines. If you’re not enforcing MFA, testing backups, and moving past checkbox training—you’re not protecting your customers. Period.