Ransomware Roundup – Lynx
Essential information
- Published
- 17/02/2025 10:54
- Modified
- 17/02/2025 11:22
- Tags
- 2025-02-17 brave prince construction data leak encryption lynx manufacturing ransomware windows
- Related entities
- 9 observables, 1 intrusion sets (apt), 15 techniques (mitre), 2 malware, 7 others
Description
The Lynx ransomware, first detected in July 2024, is a Windows-targeting malware that encrypts files and demands ransom for decryption. It shares similarities with the INC ransomware but offers more granular control. Lynx encrypts files with a .LYNX extension, changes desktop backgrounds, and prints ransom notes. It targets specific processes and services, avoiding certain folders and file types. The ransomware has affected 96 victims across 16 countries, primarily in the United States, with manufacturing and construction industries most impacted. Despite claims of excluding certain sectors, some healthcare and energy organizations have been targeted. Fortinet products offer protection against Lynx through various security measures.