Redazione RHC: 3 September 2025 21:14
The hacker group LunaLock has added a new element to the classic extortion scheme, preying on the fears of artists and clients. On August 30, a message appeared on the Artists&Clients website, which connects independent illustrators with clients: the attackers reported the theft and encryption of all data on the resource.
The hackers promised to publish the site’s source code and users’ personal information on the darknet if the owner didn’t pay $50,000 in cryptocurrency. But the main lever was the prospect of transferring the stolen works and information to companies that train neural networks for inclusion in training sets.
The site posted a note with a countdown timer, warning that if the victim refused to pay, the files would be made public. The authors warned of possible penalties for violating GDPR and other laws. Payment was requested in Bitcoin or Monero. Screenshots of the notification were shared on social networks, and even Google managed to index the page with the message, after which Artists&Clients stopped working: when attempting to log in, users see a Cloudflare error.
Most of the text appears to be a standard ransomware attack message. What’s new is the mention of the intention to hand over the stolen drawings and data to AI developers. Experts noted that this is the first time they’ve seen the topic of access to training sets used as a pressure method. Until now, this possibility had only been discussed theoretically: for example, that criminals could analyze the data to calculate the ransom amount.
It’s not yet clear how exactly the attackers will transfer the artwork to the algorithm’s developers. They could publish the images on a regular website and wait for them to be detected by language model crawlers. Another option is to upload the images via the services themselves, if their rules allow the use of user content for training. In any case, the threat itself is pushing the community of artists and clients to pressure the resource’s administrators, demanding that the ransom be paid so that they keep control over their works.
The Artists&Clients website remains unreachable at this time. Meanwhile, users continue to discuss the threat and share screenshots online, further increasing the visibility of the attack.