216.73.216.204

Lynx Ransomware: A Rebranding of INC Ransomware

· Published 14/10/2024 10:18 · Modified 14/10/2024 10:45

Export JSON

Essential information

Published
14/10/2024 10:18
Modified
14/10/2024 10:45
Tags
2024-10-14 data leak double-extortion encryption inc ransomware linux lynx ransomware raas ransomware windows
Related entities
44 observables, 1 intrusion sets (apt), 15 techniques (mitre), 2 malware, 5 others

Description

, discovered in July 2024, is a successor to targeting organizations in retail, real estate, architecture, and financial services in the U.S. and UK. It shares significant source code with INC and operates as a -as-a-service model. Lynx employs double extortion tactics, exfiltrating data before . The group uses various delivery mechanisms, including phishing emails and malicious downloads. Technical analysis reveals the use of AES-128 and Curve25519 algorithms, with files appended with a .lynx extension. The terminates specific processes, encrypts network drives, and uses the Restart Manager API to target locked files. Comparison with shows a 70.8% overlap in shared functions, indicating code reuse.

External references