Lynx Ransomware: A Rebranding of INC Ransomware
Oct. 14, 2024, 10:45 a.m.
Description
Lynx ransomware, discovered in July 2024, is a successor to INC ransomware that targets organizations in retail, real estate, architecture, and financial services in the U.S. and UK. It shares significant source code with INC and operates under a ransomware-as-a-service model. Lynx employs double extortion tactics, exfiltrating data before encryption. The group uses various delivery mechanisms, including phishing emails and malicious downloads. Technical analysis reveals the use of the AES-128 and Curve25519 algorithms for encryption, with a .lynx extension appended to encrypted files. The ransomware terminates specific processes, encrypts network drives, and uses the Restart Manager API to target locked files. Comparison with INC ransomware shows a 70.8% overlap in shared functions, indicating code reuse.
Date
- Created: Oct. 14, 2024, 10:18 a.m.
- Published: Oct. 14, 2024, 10:18 a.m.
- Modified: Oct. 14, 2024, 10:45 a.m.
Indicators
Additional Information
- Architecture
- Retail
- Finance
- United Kingdom of Great Britain and Northern Ireland
- United States of America