AiLock has posted five claimed victims in the past 30 days, with activity spanning the United States, Germany, France, Chile, and Switzerland, suggesting a geographically diffuse targeting pattern rather than regional concentration. Business services firms represent the plurality of its claimed victims across its short operational history, though its recent claims also touch manufacturing and healthcare. The group markets itself as using a hybrid ChaCha20/NTRUEncrypt encryption scheme and claims to incorporate AI-assisted capabilities, though these assertions originate from the group's own promotional material and should be treated skeptically. AiLock is also described as threatening to report victims to regulators if ransoms go unpaid, a pressure tactic increasingly layered onto standard double-extortion operations to amplify financial and legal anxiety. The group has been tracked since mid-May 2026 and appears to be in an active affiliate recruitment phase, which may account for the varied geographic and sectoral spread of its early claimed victims.