Lynx Ransomware: A Rebranding of INC Ransomware

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Lynx ransomware, discovered in July 2024, is a successor to INC ransomware and targets organizations in retail, real estate, architecture, and financial services in the U.S. and UK. It shares significant source code with INC and operates under a ransomware-as-a-service (RaaS) model. Lynx employs double extortion tactics, exfiltrating data before encrypting it. The group uses various delivery mechanisms, including phishing emails and malicious downloads. Technical analysis reveals the use of the AES-128 and Curve25519 algorithms for encryption, with a .lynx extension appended to encrypted files. The ransomware terminates specific processes, encrypts network drives, and uses the Restart Manager API to reach files that are locked by other processes. A comparison with INC ransomware shows a 70.8% overlap in shared functions, indicating code reuse.

OPENCTI LABELS:

ransomware, linux, windows, raas, encryption, data leak, double extortion, lynx ransomware, inc ransomware


Open in the NetmanageIT OpenCTI public instance using the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


Lynx Ransomware: A Rebranding of INC Ransomware