satanlock

Ransomware group profile

5Victims

ChinaSource country

36Impact score

Description

SatanLock, also known as satanlockv2, was a ransomware group that emerged in early 2025 and ceased operations by July 2025. With a focus on data theft and extortion instead of traditional file encryption, the group claimed to have compromised 67 organizations and intended to publicly leak stolen data upon shutdown.

Key insights

•SatanLock primarily employed a double extortion model, threatening to leak stolen data if ransom demands were not met.
•The group rapidly compromised 67 organizations shortly after its inception, indicating a high level of operational efficiency.
•SatanLock potentially shared victim pools with other ransomware groups, suggesting connections to broader cybercriminal networks.
•Despite its short lifespan, the group made headlines due to its unique approach to handling ransom demands by announcing a data leak upon cessation.
•No specific malware or unique tools were attributed to SatanLock, indicating reliance on common ransomware tactics.

Industries

Education Financial Services Healthcare Hospitality Manufacturing Other Professional Services Technology Transportation

Threat Level & Status Breakdown

For satanlock · Based on incidents in selected period

2.4threat level

Aggressiveness2.5/ 10

Lethality0/ 10

Criticality5/ 10

Status Breakdown

Claimed100.0%5

First seenJul 2025

Last seenJul 2025

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for satanlock in the selected period

5Total attacks

5peak in Jul

5avg / month

Intelligence

IOCs, YARA/Sigma rules, and related families for satanlock

10700ee5caad40e74809921e11b7e3f2330521266c822ca4d21e14b22ef08e1d
49c720758b8a87e42829ffb38a0d7fe2a8c36dc3007abfabbea76155185d2902
d4757f035c3447c33c2347101d08c1e798f1a044
4f88d3977a24fb160fc3ba69821287a197ae9b04493d705dc2fe939442ba6461
0303f89829763e734b1f9d4f46671e59bfaa1be5d8ec84d35a203efbfcb9bb15
964540e24c4e2e048e4600e5f590bf96
89a54d3a38d2364784368a40ab228403f1f1c1926892fe8355aa29d00eb36819
1ea37e077e6b2463b8440065d5110377e2b4b4283ce9849ac5efad6d664a8e9e
f5e122b60390bdcc1a17a24cce0cbca68475ad5abee6b211b5be2dea966c2634

View full IOC feed10 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for satanlock

Other

T1486

T1490

T1040

T1078

T1047

T1021

T1562

T1059

T1071

T1021.001

Victims(10)

Company	Domain	Country	Industry	Status	Discovered
Satanlock project will be shut down	—	US United States	—	Claimed	11 months ago
Satanlock project will be shut down	—	US United States	Retail & E-Commerce	Claimed	11 months ago
studionotarile.com	—	IT Italy	Professional Services	Claimed	11 months ago
https://klinikdrindrajana.com/	—	ID Indonesia	Healthcare	Claimed	11 months ago
https://klinikdrindrajana.com/	klinikdrindrajana.com	ID Indonesia	Healthcare	Claimed	11 months ago
https://www.teligent.se/	—	SE Sweden	Technology	Claimed	11 months ago
fkk.ac.th	—	TH Thailand	Education	Claimed	11 months ago
https://www.teligent.se/	—	SE Sweden	Technology	Claimed	11 months ago
fkk.ac.th	fkk.ac.th	TH Thailand	Education	Claimed	11 months ago
studionotarile.com	studionotarile.com	IT Italy	Professional Services	Claimed	11 months ago

Affected countries(15)

Countries where this group has been reported to target or leak victims.

🇧🇷Brazil 🇨🇦Canada 🇩🇪Germany 🇪🇬Egypt 🇬🇧United Kingdom 🇮🇩Indonesia 🇮🇳India 🇮🇹Italy 🇯🇲Jamaica 🇯🇵Japan Martinique 🇸🇪Sweden 🇹🇭Thailand Taiwan, Province of China 🇺🇸United States