38 claimed victims in just over a year, post-quantum-resistant hybrid encryption, and a ransom note threatening to notify regulators and alert the victim’s competitors. First spotted in March 2025, AiLock stands out less for its size than for this three-tiered extortion mechanism, whereas most operators that have emerged since early 2025 stick to the threat of data publication. In just over a year of documented activity, the group has claimed victims across three continents, with a clear concentration in the United States.
Discovered in March 2025, tracked only starting in 2026
Zscaler ThreatLabz was the first to publicly mention AiLock in March 2025, after identifying a previously unseen ransom note signed by the group. At that point, neither the malware samples nor the leak site were accessible. The first comprehensive technical analysis did not arrive until July 2025, authored by Huiseong Yang (S2W TALON), a researcher at the South Korean cybersecurity firm S2W, based on samples that S2W had obtained on its own.

At that time, only five victims were listed on the group’s leak site. The pace then accelerated. According to data from ransomware.live collected in early June 2026, AiLock had 38 claimed victims, the first recorded by that tracker on March 3, 2026 and the most recent on June 4, 2026. According to S2W, the group has also relocated its infrastructure several times since its discovery, opening new leak sites.
A hybrid ChaCha20 encryption paired with a post-quantum algorithm
Yang’s analysis highlights an atypical encryption scheme. Developed in C/C++, AiLock combines ChaCha20 and NTRUEncrypt256: ChaCha20 encrypts the file contents, while NTRUEncrypt256 protects the metadata, starting with the ChaCha20 key itself. NTRUEncrypt is a lattice-based algorithm designed to resist quantum attacks, an uncommon choice among the ransomware families analyzed to date.
The implementation uses I/O completion ports (IOCP) for multithreaded processing, which speeds up encryption on multi-core systems. The ransomware runs two kinds of threads in parallel: a path traversal thread that enumerates the files to encrypt and queues them, and encryption threads that encrypt each file, append a footer, and rename it with the new extension. The strategy depends on file size: full encryption for files under 100 MB, partial encryption for larger ones. Partial encryption of large files, now common in ransomware, is enough to render them unusable while cutting execution time, and with it the window in which the activity can be detected and interrupted.
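As an added illustration (not code from the S2W analysis or from the malware), the following Python models the size-dependent strategy described above: a pure-Python ChaCha20 (RFC 8439), full encryption below 100 MB, sparse encryption above it, and a footer recording the original size and mode. The sparse layout (the first 1 MiB of every 10 MiB window), the footer format and the use of the region offset as block counter are assumptions made here, because the page does not document the exact offsets S2W found; the NTRUEncrypt256 wrapping of the ChaCha20 key is not modelled, the key is simply passed in.

```python
"""Model of the size-dependent ChaCha20 file encryption described for AiLock:
full encryption below 100 MB, partial encryption above, footer appended.
Added illustration, not the malware's code. ASSUMPTIONS (not on the page):
the partial layout (first CHUNK bytes of every STRIDE-byte window), the footer
format, and the region offset as ChaCha20 block counter. Key wrapping with
NTRUEncrypt256 is not modelled."""
import struct

FULL_LIMIT = 100 * 1024 * 1024   # page: files under 100 MB are encrypted in full
CHUNK = 1 << 20                  # assumed: encrypt 1 MiB ...
STRIDE = 10 << 20                # ... at the start of every 10 MiB window
FOOTER_MAGIC = b"AILKMODL"       # assumed footer marker for this model
MASK = 0xFFFFFFFF


def _rotl(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """One 64-byte keystream block per RFC 8439 (32-byte key, 12-byte nonce)."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 32-byte key and a 12-byte nonce")
    init = (list(struct.unpack("<4I", b"expand 32-byte k"))
            + list(struct.unpack("<8I", key))
            + [counter & MASK]
            + list(struct.unpack("<3I", nonce)))
    s = init[:]
    for _ in range(10):                       # 10 double rounds = 20 rounds
        _quarter_round(s, 0, 4, 8, 12); _quarter_round(s, 1, 5, 9, 13)
        _quarter_round(s, 2, 6, 10, 14); _quarter_round(s, 3, 7, 11, 15)
        _quarter_round(s, 0, 5, 10, 15); _quarter_round(s, 1, 6, 11, 12)
        _quarter_round(s, 2, 7, 8, 13); _quarter_round(s, 3, 4, 9, 14)
    return struct.pack("<16I", *[(x + y) & MASK for x, y in zip(s, init)])


def chacha20_xor(key: bytes, nonce: bytes, data: bytes, counter: int = 1) -> bytes:
    """Encrypt or decrypt: XOR with the keystream starting at block `counter`."""
    out = bytearray(len(data))
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, counter + i // 64, nonce)
        for j, b in enumerate(data[i:i + 64]):
            out[i + j] = b ^ ks[j]
    return bytes(out)


def encrypted_regions(size: int):
    """Byte ranges touched: the whole file below FULL_LIMIT, otherwise the
    assumed sparse layout. STRIDE is a multiple of 64, so every region starts
    on a keystream block boundary and can be processed independently."""
    if size < FULL_LIMIT:
        return [(0, size)]
    return [(off, min(off + CHUNK, size)) for off in range(0, size, STRIDE)]


def encrypted_fraction(size: int) -> float:
    touched = sum(end - start for start, end in encrypted_regions(size))
    return touched / size if size else 0.0


def _apply(buf: bytearray, key: bytes, nonce: bytes, size: int) -> None:
    for start, end in encrypted_regions(size):
        buf[start:end] = chacha20_xor(key, nonce, bytes(buf[start:end]),
                                      counter=1 + start // 64)


def encrypt_image(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Return the encrypted file image: transformed regions plus footer."""
    buf = bytearray(data)
    _apply(buf, key, nonce, len(data))
    mode = 0 if len(data) < FULL_LIMIT else 1          # 0 = full, 1 = partial
    return bytes(buf) + FOOTER_MAGIC + struct.pack("<BQ", mode, len(data))


def decrypt_image(image: bytes, key: bytes, nonce: bytes) -> bytes:
    """Parse the footer, then undo the same regions (XOR is symmetric)."""
    flen = len(FOOTER_MAGIC) + 9                       # magic + <BQ>
    body, footer = image[:-flen], image[-flen:]
    if not footer.startswith(FOOTER_MAGIC):
        raise ValueError("footer marker missing")
    mode, size = struct.unpack("<BQ", footer[len(FOOTER_MAGIC):])
    if size != len(body) or mode != (0 if size < FULL_LIMIT else 1):
        raise ValueError("footer inconsistent with file size")
    buf = bytearray(body)
    _apply(buf, key, nonce, size)
    return bytes(buf)


if __name__ == "__main__":
    k, n = bytes(range(32)), bytes(12)                 # constructed demo key/nonce
    sample = b"constructed sample document " * 40
    img = encrypt_image(sample, k, n)
    assert decrypt_image(img, k, n) == sample
    print(f"250 MiB file: {encrypted_fraction(250 << 20):.0%} of bytes encrypted")
```

encrypted_fraction() makes the trade-off concrete: under the assumed layout a 250 MiB file has only 10% of its bytes rewritten, yet every 10 MiB window loses its first megabyte, which is what makes the file unusable without the key while the I/O cost stays low. For incident response, the footer is the element a triage parser should key on to tell a fully encrypted file from a partially encrypted one before deciding what, if anything, is salvageable.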

The malware also hampers static analysis. Its strings are obfuscated with an XOR against a repeating 8-byte key, and its Windows API functions are resolved dynamically at runtime through LoadLibrary() and GetProcAddress() rather than listed in the binary’s import table. The configuration embedded in the .data section is itself encrypted with ChaCha20 under a hardcoded key and nonce; a marker (DE AD BA BE / BA BE DE AD) and a SHA-256 checksum are verified to confirm its integrity before file encryption begins.
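Two helpers an analyst would write against these layers, as an added example (not S2W’s tooling or the malware’s code): known-plaintext recovery of the 8-byte XOR key from a string table, and the marker-plus-SHA-256 check on a decrypted configuration. The sample blob, the key and the config framing (start marker, body, end marker, digest) are constructed here; the ChaCha20 decryption of the config that precedes the check is not repeated, so verify_config() takes the already-decrypted bytes.

```python
"""Static-analysis helpers for the two obfuscation layers described for AiLock:
strings XORed with a repeating 8-byte key, and a config guarded by the
DE AD BA BE / BA BE DE AD markers plus a SHA-256 checksum.
Added example, not the malware's or S2W's code. The sample blob, its key and
the config layout (marker | body | marker | digest) are constructed here."""
import hashlib
from itertools import cycle

KEY_LEN = 8
START_MARK = bytes.fromhex("DEADBABE")
END_MARK = bytes.fromhex("BABEDEAD")


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR with a repeating key; the operation is its own inverse."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(blob: bytes, crib: bytes, key_len: int = KEY_LEN):
    """Known-plaintext key recovery. A name the loader must resolve at runtime
    (e.g. b'LoadLibraryA\\0') is slid across the blob; at the right offset,
    blob XOR crib is periodic with period key_len, which exposes the key.
    Returns (offset, key) or None. Cribs shorter than key_len + 4 are refused
    because the periodicity test would then accept chance matches."""
    if len(crib) < key_len + 4:
        raise ValueError("crib too short to confirm an 8-byte period")
    for off in range(len(blob) - len(crib) + 1):
        stream = bytes(b ^ c for b, c in zip(blob[off:off + len(crib)], crib))
        if all(stream[i] == stream[i + key_len] for i in range(len(stream) - key_len)):
            # stream[j] == key[(off + j) % key_len]; realign to absolute offset 0
            return off, bytes(stream[(m - off) % key_len] for m in range(key_len))
    return None


def decode_strings(blob: bytes, key: bytes):
    """Decode the table and split on the NUL terminators of the C strings."""
    return [s for s in xor_repeat(blob, key).split(b"\x00") if s]


def verify_config(plain: bytes) -> bytes:
    """Check the assumed framing of a decrypted config and return its body.
    Raises ValueError on any mismatch, mirroring a guardrail that stops
    before file encryption starts."""
    if len(plain) < len(START_MARK) + len(END_MARK) + 32:
        raise ValueError("config too short")
    framed, digest = plain[:-32], plain[-32:]
    if not (framed.startswith(START_MARK) and framed.endswith(END_MARK)):
        raise ValueError("config markers missing or out of order")
    if hashlib.sha256(framed).digest() != digest:
        raise ValueError("config checksum mismatch")
    return framed[len(START_MARK):-len(END_MARK)]


def build_config(body: bytes) -> bytes:
    """Constructed counterpart of verify_config() for the demo."""
    framed = START_MARK + body + END_MARK
    return framed + hashlib.sha256(framed).digest()


# Constructed sample: a string table as the loader would see it, under a made-up key.
SAMPLE_KEY = bytes.fromhex("5a7e13c9a40fb366")
SAMPLE_TABLE = b"\x00".join([b"kernel32.dll", b"LoadLibraryA", b"GetProcAddress",
                             b"ReadMe.txt", b"FAUST", b".AiLock"]) + b"\x00"
SAMPLE_BLOB = xor_repeat(SAMPLE_TABLE, SAMPLE_KEY)

if __name__ == "__main__":
    off, key = recover_key(SAMPLE_BLOB, b"LoadLibraryA\x00")
    print(f"key {key.hex()} recovered from offset {off}")
    print(decode_strings(SAMPLE_BLOB, key))
    cfg = build_config(b"ext=.AiLock;note=ReadMe.txt")
    print(verify_config(cfg))
    tampered = cfg[:10] + bytes([cfg[10] ^ 1]) + cfg[11:]
    try:
        verify_config(tampered)
    except ValueError as err:
        print("tampered config rejected:", err)
```

The crib approach works precisely because the loader has to resolve API names it cannot hide: once one resolved name is guessed, the whole table falls, and the same key usually covers every obfuscated string in the binary.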
At runtime, AiLock stops services and terminates processes that hold locks on files (via ControlService() and TerminateProcess()), empties the Recycle Bin, and creates a mutex named FAUST so that only one instance runs. It replaces the icon of encrypted files and the desktop wallpaper, then drops a ReadMe.txt ransom note in every affected directory. Several command-line switches extend its behaviour: -del removes its own traces through the familiar self-deletion sequence, a ping 127.0.0.1 used as a delay followed by a del command; -full scans every mounted drive; -shares resolves paths to network shares through the WNet APIs and encrypts them as well.
Three levers of pressure: publication, regulator, competitor
The AiLock ransom note (ReadMe.txt) explicitly outlines its threats. Beyond encrypting systems and exfiltrating data, the group announces three actions in the event of non-payment: publishing the data on a leak site, notifying the data protection authority of the affected country, and alerting the victim’s competitors via email and social media. The note explicitly invokes each country’s personal data protection laws (PDPL), capitalizing on the fear of regulatory penalties that a reported violation would entail.

Cybersecurity researcher Graham Cluley quotes an excerpt: “Every country has its own PDPL (Personal Data Protection Law) regulations. If you do not reach an agreement with us, information regarding your companies and your customers’ data will be published online, and the data protection authority of the relevant country will be notified.”
The deadlines are tight: 72 hours to begin negotiations, 5 days to finalize payment. After these deadlines pass, the group threatens to publish the data and destroy the recovery tools. In exchange for payment, it promises confidentiality, “deletion logs” purported to verify the erasure of data, and even IT security advice—all unverifiable promises.
This combination raises the pressure on organizations that could otherwise do without the decryption key thanks to their backups. The regulatory lever is aimed squarely at entities subject to the GDPR in Europe or the CCPA (California Consumer Privacy Act) in California. It is a variation on classic double extortion, with two external channels of pressure added to the threat of publication.
A diverse range of SMEs, with a majority of victims in the U.S.
Of the 38 victims claimed as of early June 2026, the geographic distribution is clearly skewed: 21 in the United States, 3 in the United Kingdom, 2 in Germany, 2 in Canada, with the remaining victims spread across the Netherlands, Taiwan, Switzerland, Poland, Norway, South Korea, and China. The sectors most affected are business services (9 victims), manufacturing (7 victims), consumer services and technology (5 victims each), and construction (4 victims).
The profile of the victims listed illustrates this diversity: the Swiss carpentry firm Schneebeli AG, the medical rehabilitation technology manufacturer Restorative Therapies Inc., the Taiwanese ergonomic furniture manufacturer Artso International, Accretech America Inc. (the U.S. subsidiary of Tokyo Seimitsu), as well as a U.S. law firm (Aaronson Rappaport Feinstein & Deutsch), a regional telecommunications operator (Eeyou Communications Network), an animal health products distributor (Revival Animal Health), and a food producer (Raw Seafoods).
The incident that received the most media attention remains the claim against England Hockey in March 2026, covered notably by BleepingComputer. AiLock claimed to have exfiltrated 129 GB of data from the organization, which governs field hockey in England (more than 800 clubs, approximately 150,000 registered players, 15,000 coaches, referees, and officials). England Hockey confirmed that it is conducting an investigation with external specialists and in cooperation with the authorities, without confirming at this stage whether the data was actually exfiltrated.

A RaaS model backed by a peel chain money laundering scheme
AiLock presents itself as a RaaS (Ransomware-as-a-Service) operation and recruits affiliates responsible for deploying the malware in exchange for a share of the ransoms. The group markets itself as “AI-assisted,” though no technical analysis published to date has specified what this component entails in its operations or in the malware itself.
In October 2025, TRM Labs, a specialist in blockchain analysis applied to financial crime, documented the group’s financial flows. AiLock uses a so-called “peel chain” scheme, in which received funds are transferred in small, successive increments to obscure their traceability. The majority is routed to the Wasabi Bitcoin mixer, with a smaller portion passing through FixedFloat, a high-risk non-custodial exchange platform. The funds are then frequently converted to Monero before continuing their journey.

The use of Wasabi and Monero is consistent with the practices of other operators seeking to complicate tracing by investigators, such as established groups like Qilin.
Indicators of Compromise and Detection
Yang published the indicators of compromise (IOCs) and YARA rules associated with AiLock. The hashes of the analyzed binary are MD5 2a728d98ae8280efeaa674783181f3fa and SHA-256 3c7c91cd4dc336db8082e07ab7549556f05d80acbc778afc2dade67c02002f69; the complete list and detection rules are available on the S2W TALON GitHub repository.
Behaviourally, several indicators point to an AiLock execution: the .AiLock extension applied to encrypted files, the ReadMe.txt note dropped in each directory, the FAUST mutex, the HKCR\.AiLock\DefaultIcon key set to the green padlock icon, and changes under HKCU\Control Panel\Desktop for the wallpaper. To these are added the service and process termination via ControlService() and TerminateProcess(), the emptying of the Recycle Bin, and the calls to GetLogicalDrives() and the WNet APIs that enumerate local drives and network shares for encryption.
The FAUST mutex deserves a mention: it is the same term used by a variant of the Phobos ransomware. Yang, however, establishes no connection between AiLock and the Phobos family, and this is likely a coincidence in naming. On the MITRE ATT&CK side, documented techniques include T1059.003 (Windows Command Shell), T1134.001 (Token Impersonation/Theft), T1027 (Obfuscated Files or Information), T1480 (Execution Guardrails), T1082 (System Information Discovery), T1135 (Network Share Discovery), T1486 (Data Encrypted for Impact), and T1489 (Service Stop).
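A triage function that turns the indicators above into host-level detection logic, as an added example (not S2W’s YARA rules or any vendor’s content). The event records are constructed here in a Sysmon-like shape (kinds: process, file, registry, mutex) with field names that are an assumption of this example; mutex creation is not a Sysmon event and would come from EDR telemetry. The scoring encodes the caveat just made: FAUST on its own is weak evidence because a Phobos variant uses the same mutex name, whereas the ransom-note fan-out, the .AiLock renames, the DefaultIcon key and the ping-then-del self-deletion are the strong signals.

```python
"""Behavioural triage for the AiLock indicators listed on this page, run over
one host's telemetry. Added example, not S2W's rules. Event records are
constructed in a Sysmon-like shape; field names are an ASSUMPTION of this
example, and mutex events stand in for EDR telemetry."""
import re
from collections import defaultdict

EXT = ".ailock"
NOTE = "readme.txt"
MUTEX = "faust"
ICON_KEY = "hkcr\\.ailock\\defaulticon"
WALLPAPER_KEY = "hkcu\\control panel\\desktop\\"
SELF_DELETE = re.compile(r"ping\s+127\.0\.0\.1.*\bdel\b", re.IGNORECASE)
SWITCHES = {"-del", "-full", "-shares"}

# FAUST is shared with a Phobos variant; wallpaper changes and generic-looking
# switches are common to many families, so those three only count as weak.
STRONG = {"ransom_note_dirs", "ailock_renames", "defaulticon_registry", "self_delete_cmd"}
WEAK = {"faust_mutex", "wallpaper_change", "ailock_switches"}


def _norm_reg(path: str) -> str:
    # Sysmon reports HKCR keys under HKLM\SOFTWARE\Classes; fold both spellings.
    return path.lower().replace("hklm\\software\\classes\\", "hkcr\\")


def analyze(events, note_threshold: int = 3) -> dict:
    """Map indicator name -> sorted evidence for one host's event stream.
    A ransom note seen in fewer than note_threshold directories is dropped,
    since a single ReadMe.txt is an ordinary file name."""
    hits = defaultdict(set)
    for e in events:
        kind = e["kind"]
        if kind == "file":
            path = e["path"].lower()
            directory, _, name = path.rpartition("\\")
            if name == NOTE:
                hits["ransom_note_dirs"].add(directory)
            elif name.endswith(EXT):
                hits["ailock_renames"].add(path)
        elif kind == "registry":
            target = _norm_reg(e["target"])
            if target.startswith(ICON_KEY):
                hits["defaulticon_registry"].add(e["target"])
            elif target.startswith(WALLPAPER_KEY):
                hits["wallpaper_change"].add(e["target"])
        elif kind == "mutex":
            if e["name"].lower() == MUTEX:
                hits["faust_mutex"].add(e["name"])
        elif kind == "process":
            cmdline = e["cmdline"]
            if SELF_DELETE.search(cmdline):
                hits["self_delete_cmd"].add(cmdline)
            hits["ailock_switches"].update(SWITCHES & set(cmdline.lower().split()))
    if len(hits["ransom_note_dirs"]) < note_threshold:
        del hits["ransom_note_dirs"]
    return {k: sorted(v) for k, v in hits.items() if v}


def verdict(hits: dict) -> str:
    """high: two or more strong indicators; medium: one strong or two weak."""
    strong = len(STRONG & set(hits))
    weak = len(WEAK & set(hits))
    if strong >= 2:
        return "high"
    if strong == 1 or weak >= 2:
        return "medium"
    return "low"


# Constructed sample telemetry for one host (not real logs).
SAMPLE_EVENTS = [
    {"kind": "process", "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe",
     "cmdline": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe -full -shares"},
    {"kind": "mutex", "process": "update.exe", "name": "FAUST"},
    {"kind": "registry", "target": "HKCR\\.AiLock\\DefaultIcon"},
    {"kind": "registry", "target": "HKCU\\Control Panel\\Desktop\\Wallpaper"},
    {"kind": "file", "path": "C:\\Finance\\2025\\budget.xlsx.AiLock"},
    {"kind": "file", "path": "C:\\Finance\\2025\\ReadMe.txt"},
    {"kind": "file", "path": "C:\\Finance\\ReadMe.txt"},
    {"kind": "file", "path": "C:\\Users\\jdoe\\Documents\\ReadMe.txt"},
    {"kind": "process", "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": 'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe"'},
]

if __name__ == "__main__":
    result = analyze(SAMPLE_EVENTS)
    for indicator, evidence in result.items():
        print(f"{indicator}: {evidence}")
    print("verdict:", verdict(result))
```

The note-count threshold and the strong/weak split are where tuning happens in practice: a single ReadMe.txt or a lone FAUST mutex should raise a ticket, not an isolation action, while the fan-out of notes across directories combined with .AiLock renames is the point at which automatic host isolation is justified.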
Reducing Exposure to AiLock Tactics
No initial access vector has been confirmed for AiLock, so the priorities are those that apply to RaaS operations in general. Exposed remote access is the usual entry point: restricting RDP and VPN exposure, closing unnecessary ports, and enforcing multi-factor authentication (MFA) shut the door that affiliates most often use.
Offline or immutable backups neutralize the encryption lever: an organization that can restore without the attacker’s decryptor is untouched by the threat to destroy the recovery tools, which leaves the attacker only the exfiltrated data to bargain with. AiLock’s reach into network shares also makes segmentation and tight access rights essential to contain an infection.
On the detection side, the behavioural indicators above, the FAUST mutex, and Yang’s YARA rules can be loaded into EDR and SIEM tooling, provided that up-to-date indicators are retrieved from the research group’s repository; the published hashes identify only the samples that were analysed, so behavioural rules carry more weight than hash matching.
Then there is the regulatory angle, the one most specific to AiLock. It carries even more weight when the organization does not know its own obligations: knowing in advance which authority to notify, and within what timeframe, removes part of the attacker’s leverage. In Europe, the GDPR requires notification to the competent supervisory authority within 72 hours of becoming aware of a breach (where feasible, and when the breach is likely to put individuals at risk), the very timeframe AiLock allows for opening negotiations.
A group that is still young, but consistent
With 38 claimed victims in just over a year (ransomware.live, June 2026), AiLock remains a relatively small-scale operator compared to the dominant groups in the sector, but its trajectory is consistent. IronGate Security noted a significant increase in AiLock incidents in the first quarter of 2026, and the pace of claims confirms continuous activity since March 2026, with victims identified every month.
The key point to watch remains the regulatory aspect of the extortion. While most operators stick to threatening to publish data, AiLock makes notifying regulators and alerting competitors a central focus of its communication, the actual effectiveness of which on victims is not publicly documented. TRM Labs lists the group among emerging operators to watch. At this stage, AiLock presents itself as a financially motivated cybercriminal operator, structured as a RaaS model with affiliate recruitment, in the same vein as other recent entrants such as The Gentlemen or NightSpire, whose trajectory appears to rely more on methodology than on volume. For now, it is less its volume than its ability to leverage its victims’ regulatory compliance as a means of blackmail that makes AiLock a case worth following.
Sources:
S2W BLOG (Medium): Detailed Analysis of AiLock Ransomware
Zscaler: Zscaler CXO Monthly Roundup | March 2025
BleepingComputer: England Hockey investigating ransomware data breach
Fortra: AiLock ransomware: What you need to know
Ransomware.live: AiLock group profile
TRM Labs: Nine Emerging Groups Shaping the Ransomware Landscape
IronGate Security: AiLock Ransomware