Cybercriminals behind ransomware attacks are adopting new intimidation methods to push victims into paying up. In a recent case, the LunaLock ransomware gang has escalated tactics by threatening to sell stolen artwork for AI training datasets.

The popular platform Artists&Clients, which connects artists with clients for commissioned projects, was hacked around August 30. According to reports, a ransom note appeared on the site’s homepage stating: “All files have been encrypted and the site has been breached.” The attackers demanded at least $50,000 in Bitcoin or Monero, promising to delete stolen data and restore access once payment was made.

What sets this attack apart is the warning that stolen artwork could be handed over to “AI companies” to train large language models. This is especially alarming as Artists&Clients explicitly prohibits AI involvement on its platform. Security researcher Tammy Harper highlighted, “this is the first known instance of a ransomware group explicitly using AI training as a threat to extort victims.”

If the ransom is not paid, LunaLock claims it will leak sensitive information including personal data, commissions, and payment records—potentially triggering GDPR violations in Europe. While the group did not clarify how they would provide the artwork to AI firms, experts suggest they might simply publish an open database accessible to AI crawlers.

Currently, the Artists&Clients website is offline, leaving users anxious about compromised messages, transactions, and commissioned work. No official statement has been released by the platform. Harper emphasized that this tactic may hit creators especially hard, as many strongly oppose their work being exploited for AI training without consent or compensation.