Lunalock
LunaLock emerged in September 2025 targeting creative and digital platforms, notably breaching an illustrator marketplace and a Mexican ISP, and is notable for threatening to submit stolen artwork to AI companies for training if the ransom is not paid.
Victims
2
First Discovered
2025-09-02
victim
Last Discovered
2025-09-16
victim
Inactive Since
246
days
Avg Delay
3
days
Infostealer
0.0%
victims with domain
Countries
2
hit
Attack Velocity — Last 12 months
Known Locations (2)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Victims | LunaLock | No | 2026-04-28T07:24:46 |
lunalockcccxzkpfovwzifwxcytqkiuak6wzybnniqwxcmpsetpbetid.onion
|
|||
|
Enter Support ID | No | 2026-04-28T07:27:20 |
lunachataclss7bvlhk5zxs6pqpunxljeqhrn2bfl6wkhlwqxvgwgayd.onion
|
Target
Top 5 Activity Sectors
- Telecommunication 1
- Consumer Services 1
Top 5 Countries
-
Mexico
1
-
United States
1
Heatmap
Ransom Notes (1)
YARA Rules (1)
Indicators of Compromise (IoCs) (1)
Email
1
| Type | IOC |
|---|---|
Email
|
alt.r1-2xuldec@yopmail.com
|
Victims (2)
JAFICA Telecomunicaciones is a Mexican internet service provider.…
We have breached the website Artists&Clients to steal and encrypt all its data. If you are a user of…