Threat Group Profile

Lynx Ransomware

SMBs & Professional Services

Overview

Lynx is a ransomware group that emerged in mid-2024 with a professional affiliate programme. They operate a leak site listing victims across multiple sectors and geographies. The group appears to have connections to the earlier INC ransomware operation.

Tactics, Techniques & Procedures

Double extortion, affiliate model, targets mid-market organisations

Primary Targets

Manufacturing, Professional Services, Retail

Indicators of Compromise

  • Lynx ransomware binary
  • Remote access tools

MITRE ATT&CK Techniques

  • T1486
  • T1041
  • T1059

Quick Reference

Status: ACTIVE
Type: Ransomware
First Seen: 2024
Victims Tracked: Monitored

Dark Web Presence

  • http://lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion/login
  • http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks
  • http://lynxblogoxllth4b46cfwlop5pfj4s7dyv37yuy7qn2ftan6gd72hsad.onion/leaks

Under Attack?

If you believe Lynx has targeted your organisation, contact Binary Response immediately.


Related Threat Actors

LockBit, Rhysida, Akira, DragonForce