lynx
Group profile
Lynx is a ransomware-as-a-service operation that emerged in mid-2024 as a rebrand of INC Ransomware (whose source code was sold for $300,000 on the RAMP forum), claiming ~300 victims across manufacturing, business services, technology, and transportation with an 80/20 profit split for affiliates.
MITRE ATT&CK TTPs
Initial Access
Execution
T1059.001Command and Scripting Interpreter: PowerShell
PowerShell used for payload execution and post-exploitation activity.
Defense Evasion
Credential Access
T1003.001OS Credential Dumping: LSASS Memory
Credential dumping from LSASS used to facilitate lateral movement.
Discovery
Lateral Movement
T1021.001Remote Services: Remote Desktop Protocol
RDP used for lateral movement with harvested credentials.
Exfiltration
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
Data exfiltrated for double extortion via the Lynx leak site prior to encryption.
Command and Control
T1071.001Application Layer Protocol: Web Protocols
C2 communication over HTTPS; Tor used for victim negotiation portals.
Impact
T1486Data Encrypted for Impact
Lynx uses AES-128 CTR mode for file encryption with RSA-2048 for key protection. Code similarities indicate it may be a rebrand or fork of INC Ransomware. Emerged mid-2024; highly aggressive targeting of SMBs and mid-market organizations across multiple sectors. Appends .lynx extension.
T1490Inhibit System Recovery
Shadow copies deleted and recovery options disabled to prevent victim restoration.
Recent victims
showing 50 of 414| Date | Website / victim | Sector | Country |
|---|---|---|---|
| 2026-06-18 |  www.someco.comwww.someco.com | Not Found | |
| 2026-06-18 |  www.eastersealsia.orgwww.eastersealsia.org | Healthcare | US |
| 2026-06-18 |  www.wolfconstruction.netwww.wolfconstruction.net | Construction | US |
| 2026-06-11 |  www.commonwealth-partners.comwww.commonwealth-partners.com | Business Services | GB |
| 2026-05-10 |  lifelongaccess.orglifelongaccess.org | Healthcare | US |
| 2026-05-10 |  st-annes.uk.comst-annes.uk.com | Education | GB |
| 2026-05-10 |  bayareaherbs.combayareaherbs.com | Consumer Services | US |
| 2026-05-10 |  jacksoncountyin.comjacksoncountyin.com | Public Sector | US |
| 2026-05-10 |  ossistemes.comossistemes.com | Technology | ES |
| 2026-05-10 |  csb-battery.comcsb-battery.com | Manufacturing | TW |
| 2026-05-10 |  funkychunky.comfunkychunky.com | Consumer Services | US |
| 2026-05-10 |  www.kurita.euwww.kurita.eu | Manufacturing | DE |
| 2026-04-06 |  Stonehengestonehenge.o.uk | Construction | GB |
| 2026-03-29 |  cwwcontractors.comcwwcontractors.com | Construction | GB |
| 2026-04-13 |  sentrydynamics.comsentrydynamics.com | Technology | US |
| 2026-04-08 |  ACNHealthcareacnhealthcare.com | Healthcare | IN |
| 2026-04-07 |  www.smithdollar.comwww.smithdollar.com | Financial Services | US |
| 2026-03-17 |  njpcs.orgnjpcs.org | Education | US |
| 2026-03-12 |  indrub.comindrub.com | Manufacturing | IN |
| 2026-02-28 |  Keller Polskawww.kellerpolska.pl | Construction | PL |
| 2026-03-06 |  Africa Insurancewww.africainsurance.com | Financial Services | ET |
| 2026-03-01 |  https://www.hegelmann.comhegelmann.com | Transportation/Logistics | DE |
| 2026-02-10 |  Altalinguawww.altalingua.com | Business Services | ES |
| 2026-02-17 |  Stera Chemicalswww.sterachemicals.com | Manufacturing | RO |
| 2026-02-11 |  Keylogistics Chilekeylogistics.cl | Transportation/Logistics | CL |
| 2026-02-12 |  secure.aesecure.ae | Not Found | AE |
| 2026-02-17 |  gbaco.comgbaco.com | Financial Services | GB |
| 2026-02-17 |  powersmiller.compowersmiller.com | Business Services | US |
| 2026-02-17 |  structuredassetservices.comstructuredassetservices.com | Financial Services | US |
| 2026-01-30 |  La Rioja Altawww.lariojaalta.com | Agriculture and Food Production | ES |
| 2026-02-04 |  www.trisa.chwww.trisa.ch | Manufacturing | CH |
| 2026-02-03 |  peterboroughpublichealth.capeterboroughpublichealth.ca | Public Sector | CA |
| 2026-01-30 |  shorelinenyc.comshorelinenyc.com | Hospitality and Tourism | US |
| 2026-01-30 |  www.roschvisionary.comwww.roschvisionary.com | Technology | DE |
| 2026-01-14 |  Ocean Fishwww.oceanfish.com | Agriculture and Food Production | RO |
| 2026-01-04 |  Grupo Ruizwww.gruporuiz.com | Transportation/Logistics | ES |
| 2025-12-31 |  Optionsoptions.com | Business Services | CA |
| 2026-01-06 |  www.swautomation.atwww.swautomation.at | Manufacturing | AT |
| 2026-01-05 |  www.burdettedental.comwww.burdettedental.com | Healthcare | US |
| 2026-01-05 |  www.tecnoelectric.com.pywww.tecnoelectric.com.py | Manufacturing | PY |
| 2026-01-05 |  www.sje.vic.edu.auwww.sje.vic.edu.au | Education | AU |
| 2026-01-05 |  www.granosycereales.com.cowww.granosycereales.com.co | Agriculture and Food Production | CO |
| 2026-01-05 |  www.ville-dunkerque.frwww.ville-dunkerque.fr | Public Sector | FR |
| 2026-01-05 |  www.mscorp.netwww.mscorp.net | Technology | US |
| 2026-01-05 |  www.mcphillamysgold.comwww.mcphillamysgold.com | Energy | AU |
| 2026-01-05 |  www.blackdogsalvage.comwww.blackdogsalvage.com | Consumer Services | US |
| 2026-01-05 |  crawfordorthodontics.netcrawfordorthodontics.net | Healthcare | US |
| 2026-01-05 |  www.stcharlesprep.orgwww.stcharlesprep.org | Education | US |
| 2026-01-05 |  laurysenkitchens.comlaurysenkitchens.com | Manufacturing | CA |
| 2026-01-05 |  miltonfl.orgmiltonfl.org | Public Sector | US |