Ransomware Intelligence

lynx

Ransomware group profile

150Victims
RussiaSource country
91Impact score
Also Known As
Lynx Locker

Description

Lynx is a ransomware threat group primarily targeting critical infrastructure sectors such as energy, oil, and gas facilities in the United States. Utilizing tactics like phishing and exploiting known vulnerabilities, they employ double extortion methods to demand ransom while threatening to leak sensitive data. Their organized Ransomware-as-a-Service (RaaS) model enhances their operational capabilities through a structured affiliate program.

Key insights

  • Targets critical infrastructure, especially energy, oil, and gas sectors.
  • Employs phishing and exploits vulnerabilities for initial access.
  • Utilizes a Ransomware-as-a-Service model with a structured affiliate program.
  • Implements double extortion tactics by threatening to leak stolen data.
  • Uses advanced encryption methods including AES-128 and Curve25519.
  • Claims to avoid healthcare and government sectors but impacts them nonetheless.

Industries

EducationEnergy & UtilitiesFinancial ServicesGovernment & DefenseHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For lynx · Based on incidents in selected period

3.5threat level
Aggressiveness8/ 10
Lethality0/ 10
Criticality2.3/ 10

Status Breakdown

Data Leaked0.7%1
Claimed99.3%149
First seenJun 2025
Last seenJun 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 18, 2026

Recent activity

Monthly attack count for lynx in the selected period

150Total attacks
26peak in Jan
11.5avg / month
↓ 3 vs first month
JunJulAugSepOctNovDecJanFebMarAprMayJun07142128

Intelligence

IOCs, YARA/Sigma rules, and related families for lynx

  1. 92bd61b94eb6c4e4d8b4f97452822f291a0c7bee75f2a3c753dc6ffea6ea32f6
  2. 6cb54ec004ff8b311e73ef8a8f69b8dd043b7b84c5499f4c6d79d462cea941d8
  3. 4fde7b67da86fdd1587f78254acf9cd6766a7d77
  4. 72231dc69a71f3ac971fa335dc79a04569dd7a09
  5. 0336d6a2348ce826be1f8e4b35bf99c2756cc9efed7be94692beffa13bb0b604
  6. d73bb7e1ccd8f55e885b7a6d0a885e4c08f7ac087c02ed67bd913761f3e1c9c7
  7. 4fef8b3cd13b424b88352f9dce2572d39d09a1bcd7f847a53863c1358c28281b
  8. a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642
  9. a875f9b3c1f31835b3f70c23a8a1daa06404b82d61887d035731eb13f649c0db
  10. acce811c4fc2a6e3fddd4231e386f1648ca44f039d2d275316bc0a0fc96e0af4
  11. dd8a0eca78e9411b914b2ca3db3aaf6a45d03a6663caa17f2e2def93011d0867
  12. b175e1d4fe69da0be4db63996a804b204005923aabeedd9c02b615ea04986303
  13. 5859e72f41ec951f10a188cc7d250b88
  14. cf1a1c9aee2f973048cdc47eb982a89a85c2dbe64edd3f49d9d0e849c6b50b60
  15. 15cd13e0cad20394ec1405748e4bd50e3f27313c6274aee098c4eb0ede970b4c
  16. a83a8eb3b522c4517b8512f7f4e9335485fd5684b8653cde7f3b9b65c432fa81
  17. 842f01180f2a021aae47f5c0e6865847985691d28919554c81d01f162afb4e43
  18. 1d9c4f86b96ed2393967188b131b7c437d29d77c696377f702e2bdc65a07cf23
  19. 254b7cca40f9e624b21841f60bff0919
  20. 898dde9055fb79d38470939940110aee98a83bbcfa2a0399c870de444540a56e
  21. f5a8ceb27bea2b49cc0c38da3b9007efc12db19e
  22. f19fe4251f62f0509c84bed3950fb07b9f5e84cb
  23. fc64bbc33e755451ba25d13209338bd628d68534d13cbf00992ae0f5fc97ca04
  24. 1531f13142fc0ebfb7b406d99a02ec6441fc9e40725fe2d2ac11119780995cd3
  25. 02e3c74a99cb7ade79eb879ed1513b5ed410eec981ce02bb0a7c2d6d654e0309
  26. 036a60aa2c62c8a9be89a2060e4300476aef1af2fd4d3dd8cac1bb286c520959
  27. e67260804526323484f564eebeb6c99ed021b960b899ff788aed85bb7a9d75c3
  28. e6f76a73180b4f2947764f4de57b52d037b482ece1a88dab9d3290e76be8c098
  29. 888d3a76d4a507159ab27eac808da6a9
  30. 060eb4ce798e9e2470f4a36139c5c03c0bfacf0a611199b056280efc290f5861
  31. daeba5633a414f92b666607203dcf0fd8bd023d619f4a25908e38837fd9a14bc
  32. fb1a21da08c9dc28c1cb855dce893e9c
  33. 0ba46a3bda93f50a567887e2c6df97663bf290352654dbf103236d3f6ab0bfab
  34. aa99338898c90e38e24c0e45ca891e25d468241d4fdba7108773ae1506c8cafb
  35. e7d68c174f38704d3bd220ce204117f558c60b348f24176b96fd7887602c30c6
  36. 4c15a5914d399a97dce2cf6452b991e5848f1f712397e9ff8381bd5cd3b8c9c0
  37. fd280e33e84c88e97860930557dba3ff80b1a82d
  38. d0724e2613107953ee2f8e941ca917658bb51f8f6b753a0552f8a407abf2b840
  39. 7916a7366c35d5f6be9e5a114b104865b78ff68c4c4fec2a081c6fcfb6809fd2
  40. 9afe896bfb6dcdf30b18d7f9330212a28358255cc08f7365d18aee2030530483
  41. a7efe6f7ee305427b023e0bd95e1f7de96e16ad36603ed8e01be859188015e63
  42. 667d7bd97fbbf9cb9bc37771040352e16776d7c900c68b14168b3c49a0a3c321
  43. f8dca20f0394e6c11a9bd8b9706e1dd9bca8f8f72d4edff36fbf311b0f40a610
  44. 050e8dcab5f3456b1ff65666d2afe3c3769288a2f1c83baa368010f592c7e808
  45. deea481121129d4779195e93fdc39ae62fecb168fd5a384d0ccf8082f06092e5
  46. 0bec4a243d5ca6180c60f26d49f49db5
  47. d5ffe5bab9b5b74bfe8dcc79c1438854a90ee930ae9106820d9488b7c729d49d
  48. 4c8cf7e19f636f8fcb23e30bb5010c2f57901f06e92b93277e962bb2c46d0714
  49. e5ed924d7e5d527c6398a9eb789036a921f66f658162971058a18315611aa84f
  50. 565031eaffb9b309737c04e9b6c6f865
  51. b88da2f6e5e9df5572e9d4dc87ed9f49
  52. f62c8a93e2fdeb5e4a334f11dde380d632e03f5c919ae4f54a69c30de57bddb7
  53. 7459b0cef7ec5800c67c4179bebb5276e1a21582baa1beef54c965e1d687fcbb
  54. 7f37351979c249417cb180b4ede0ed17e5fe2a1f08add4d72606b589f8fdb245
  55. 89d84ab72b2e5116f4a46b19f4d8096a0a9c7a88
  56. b33ffa18c79888e8dd64aa9e3c9a60f1a66757377d8e8dbabe894b71b492f196
  57. b491cad0ac4780fb6c32249d5f1510037c178d89506eb0a6c8afe9b160d98189
  58. f96ecd567d9a05a6adb33f07880eebf1d6a8709512302e363377065ca8f98f56
  59. b6a61df3254bda3056900937e3e162ddeec3239bc5e1ac3488cef9aafbda21e4
  60. d65120291dee76c694f8bea54841f7f68329b499b28f4aee5ea5c9369a7432cb
  61. abe8e7db84be416f0a76e5cb12d5c15cfea879ba0ba376db29458a8d8bb902d3
  62. 55d9836dddac73e611cf7bfac7d2066cc0961e05337d1f91837680e4c57b8816
  63. a4840200cdc6fc37beabc18abb061df5
  64. 030a1d6fc3cad2d18bb0b00fa5f663eb80fd24fc
  65. b3b970ba2a434ca224efafe05aad1d06
  66. 97969978799100c7be211b9bf8a152bbd826ba6cb55377284537b381a4814216
  67. d0ef65e3a5665f16972f62c0ea9fe35c0f1ab093320fc23784d3129868442e0e
  68. 1410c2f60840066d34f48a4be5e7e0a8126117ab
  69. 7e68880f4c8c635942b34f7119656c91f5c83183
  70. a20886a5b378624d16972db66bd4e7e1
  71. 5d4bb9ad0d2ad9d45017273cc6d0a691219be3cdc819fde0a712bb5bac0c4bff
  72. 3892cf03a67b5857526982cfb9fc32a0dbf24d2b18cc5dd443544c9577c3bf78
  73. d0c1662ce239e4d288048c0e3324ec52962f6ddda77da0cb7af9c1d9c2f1e2eb
  74. 9de8bbc961ff450332f40935b739d6d546f4b2abf45aec713e86b37b0799526d
  75. 751cb9ef1de33b0340733400f522fd0792e0fd5d
  76. 2e5d4bf87b7f3893c933d0fd83747f75a7c1e9d28e424a64a5af9c444d0ca7ac
  77. dcb0e301261b81e5888c0ba6a8ce887b8ed52e5d
  78. ddf23db6881e42e65440c26a208c9175ad705c708f0a5d8426a2636bad79777c
  79. dc9938f51150d13a69fc25f3f19052eacb1bf0a086fd5cf39762501fb3ddd7da
  80. 5c1aa1644b933cb506adfd303ca9c9e931681148670acc16836f3af1f0b3a8d9
  81. d2939cd18c9072488767520be081fef71d560896c6293b6633cab099fcd238ae
  82. 1898d056463284d849801cbdea6a3dec6c9f568f01569912c3868a5eea9a5449
  83. 59c084bf31c849636a293fc6b6eb4d64fb17a2ea190e04f5ae3eaa24cd326752
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for lynx

CVE-2024-54085
CVE-2024-0769
Other

T1486

T1486

T1490

T1490

T1059

T1059

T1080

T1080

T1562

T1562

T1021

T1021

T1078

T1078

T1547

T1547

T1021.001

T1021.001

T1005

T1005

T1057

T1057

Victims(153)

CompanyDomainCountryIndustryStatusDiscovered
www.eastersealsia.orgeastersealsia.orgSG SingaporeHealthcare
Claimed
1 day ago
www.someco.comsomeco.comUS United States
Claimed
1 day ago
www.wolfconstruction.netwolfconstruction.netUS United StatesOther
Claimed
1 day ago
www.commonwealth-partners.comcommonwealth-partners.comGB United KingdomProfessional Services
Claimed
8 days ago
jacksoncountyin.comjacksoncountyin.comUS United StatesGovernment & Defense
Claimed
about 1 month ago
bayareaherbs.combayareaherbs.comUS United StatesRetail & E-Commerce
Claimed
about 1 month ago
st-annes.uk.comst-annes.uk.comGB United KingdomEducation
Claimed
about 1 month ago
lifelongaccess.orglifelongaccess.orgUS United StatesHealthcare
Claimed
about 1 month ago
funkychunky.comfunkychunky.comUS United StatesRetail & E-Commerce
Claimed
about 1 month ago
csb-battery.comcsb-battery.comTW TaiwanManufacturing
Claimed
about 1 month ago
ossistemes.comossistemes.comES SpainTechnology
Claimed
about 1 month ago
www.kurita.eukurita.euDE GermanyManufacturing
Claimed
about 1 month ago
StonehengeTH ThailandOther
Claimed
2 months ago
cwwcontractors.comUS United StatesOther
Claimed
2 months ago
sentrydynamics.comUS United StatesTechnology
Claimed
2 months ago
ACNHealthcareDE GermanyHealthcare
Claimed
2 months ago
www.smithdollar.comsmithdollar.comUS United StatesProfessional Services
Claimed
2 months ago
njpcs.orgUS United StatesHealthcare
Claimed
3 months ago
Go to the publication
Claimed
3 months ago
indrub.comindrub.comIN IndiaManufacturing
Claimed
3 months ago

Page 1 of 8

Affected countries(61)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇴Angola🇦🇷Argentina🇦🇹Austria🇦🇺AustraliaAruba🇧🇪Belgium🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇳China🇨🇴Colombia🇨🇷Costa Rica🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇩🇲Dominica🇩🇿Algeria🇪🇸Spain🇪🇹Ethiopia🇫🇮Finland🇫🇷France🇬🇧United Kingdom🇭🇰Hong Kong🇮🇩Indonesia🇮🇱Israel🇮🇳India🇮🇹ItalyJersey🇯🇲Jamaica🇯🇵Japan🇰🇪KenyaKorea, Republic of🇰🇼Kuwait🇲🇦Morocco🇲🇹Malta🇲🇽Mexico🇲🇾Malaysia🇳🇱Netherlands🇳🇴Norway🇳🇿New Zealand🇵🇪Peru🇵🇭Philippines🇵🇱PolandPuerto Rico🇵🇹Portugal🇵🇾Paraguay🇷🇴RomaniaRussian Federation🇸🇦Saudi Arabia🇸🇪Sweden🇸🇬SingaporeSyrian Arab Republic🇹🇭Thailand🇹🇷TurkeyTaiwan, Province of China🇺🇸United StatesVenezuela, Bolivarian Republic of🇼🇸Samoa🇿🇦South Africa