Cyber Security Researchers Warn Artists as LunaLock Ransomware Spreads, Encrypt Files and Steals Creative Assets

A new ransomware threat known as LunaLock has just shown up, causing concern among digital artists and illustrators throughout the world. This ransomware, discovered in September 2025, is distinct from others in that it targets a very specific group: freelance artists who share and sell their work online.

According to researchers, the attackers are mostly targeting users on Artists & Clients, a platform that connects independent creators with clients to create personalised artwork.The hackers send them fake emails that appear like payment reminders.These emails trick artists into downloading malware-containing attachments. When opened, the ransomware swiftly takes over their system.

After entering, LunaLock starts by scanning the system for valuable files, particularly art projects. It can even steal login information from tools such as Microsoft Teams and Slack, allowing attackers to spread through shared project folders and design folders. Victims have claimed that their Photoshop (PSD) and Illustrator (AI) files are being locked with the new ".lunalock" extension. Along with the encrypted data, they find a ransom note requesting payment in Monero, a cryptocurrency recognised for its secrecy properties.

LunaLock's double-extortion strategy doubles up the risk. The attackers not only encrypt files but also steal artwork before providing the decryption key. As a result, artists risk losing data as well as having their stolen work exploited or disclosed.

VenariX researchers determined that LunaLock is incredibly advanced. It employs multiple layers of attack, including specialised tools for spreading over networks, collecting passwords, and bypassing antivirus detection.One of its distinctive techniques is a small piece of JavaScript code that disables Windows Defender, allowing the malware to run without being blocked.

The way LunaLock spreads is tricky. Normally, viruses or ransomware save files directly onto your computer’s hard drive, which makes them easier for antivirus programs to spot and block. But LunaLock avoids this by running only in the computer’s memory like someone sneaking into a room, doing their work, and leaving without ever leaving fingerprints behind. It also ensures it stays active by creating a hidden scheduled task that runs every time the computer is restarted.

For artists, this attack is not only about money, it threatens their creativity and livelihood. Security experts recommend that freelancers, especially those working in digital art, take extra care with email attachments, enable strong two-factor authentication, and back up their work regularly.

The rise of LunaLock shows how cybercriminals are shifting focus toward creative professionals, not just big companies.For digital artists, losing access to their work means more than just financial loss, it threatens their art, reputation, and client relationships. Staying alert to suspicious emails, using stronger logins, and keeping secure backups can make a huge difference.

Information referenced in this article is from Cybersecuritynews