LunaLock is a ransomware group/strain observed in 2025. Reporting cited in the provided content describes LunaLock as a newly emerged ransomware operation with limited observed activity, including one source noting it registered a single incident among minimal-activity groups. A distinctive extortion tactic attributed to LunaLock is threatening victims by feeding stolen data to AI models. The content does not provide confirmed technical details on payload functionality, encryption mechanisms, initial access vectors, specific malware family lineage, victimology, targeted platforms, or associated threat actors beyond its identification as a ransomware group. No high-confidence indicators of compromise are provided in the source material.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Minimal-activity ransomware brand referenced as part of the long-tail of operators.
Ransomware group known for unique extortion tactics, including threatening victims by feeding stolen data to AI models.
Ransomware operation reported to have hacked an art-commissioning portal and extorted victims by threatening to submit stolen artwork for AI model training unless a ransom is paid.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.