Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

LunaLock Ransomware threatens victims by feeding stolen data to AI models

LunaLock, a new ransomware gang, introduced a unique cyber extortion technique, threatening to turn stolen art into AI training data. A new ransomware group, named LunaLock, appeared in the threat landscape with a unique cyber extortion technique, threatening to turn stolen art into AI training data. Recently, the LunaLock group targeted the website Artists&Clients and […]

LunaLock ransomware

LunaLock, a new ransomware gang, introduced a unique cyber extortion technique, threatening to turn stolen art into AI training data.

A new ransomware group, named LunaLock, appeared in the threat landscape with a unique cyber extortion technique, threatening to turn stolen art into AI training data.

Recently, the LunaLock group targeted the website Artists&Clients and stole digital art. The group demanded $50K to the victims, threatening leaks and the use of the stolen data to train large language models (LLMs).

“We have breached the website Artists&Clients to steal and encrypt all its data. If you are a user of this website, you are urged to contact the owners and insist that they pay our ransom. If the ransom is not paid, we will release all data publicly on this Tor site, including source code and personal data of users. Additionally, we will submit all artwork to AI companies to be added to training datasets.” reads the announcement published by the ransomware group on its Tor data leak site.

LunaLock hackers are technically skilled and appear to be native English speakers.

This new type of extortion aims to compromise victims’ intellectual property by including stolen data in datasets used to train LLMs. In the future, other ransomware groups could upload stolen data to publicly accessible databases, making it easily scraped by AI training pipelines. Once included in AI models, the data becomes effectively permanent, unlike dark web leaks that may fade over time. LunaLock’s approach sets a dangerous precedent.

Experts note LunaLock’s attack on Artists&Clients is unusual, as ransomware usually targets sectors likely to pay. Double or triple extortion may fail with freelancers. Artists are already protecting work from both hackers and AI data scraping.

AI firms like OpenAI, Google, and Anthropic scrape online art to train models. Anthropic recently agreed to pay at least $1.5B to settle a copyright lawsuit by authors, the first U.S. AI-copyright case.

To counter this, Ben Zhao, a computer science professor at the University of Chicago Ben Zhao, created Glaze and Nightshade, tools that subtly alter images so they appear normal to humans but mislead AI training.

Launched in 2022, Zhao’s tools Glaze and Nightshade have over 3M downloads and are widely used by artists to protect their work from AI scraping and ransomware threats like LunaLock.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, LunaLock ransomware)