Ransomware Roundup – Lynx

Feb. 17, 2025, 11:22 a.m.

Description

The Lynx ransomware, first detected in July 2024, is Windows-targeting malware that encrypts files and demands a ransom for decryption. It shares similarities with the INC ransomware but offers more granular control. Lynx appends the .LYNX extension to the files it encrypts, changes the desktop background, and prints ransom notes. It targets specific processes and services, and avoids certain folders and file types. The ransomware has affected 96 victims across 16 countries, primarily in the United States, with the manufacturing and construction industries most impacted. Despite claims of excluding certain sectors, some healthcare and energy organizations have been targeted. Fortinet products offer protection against Lynx through various security measures.

Date

  • Created: Feb. 17, 2025, 10:54 a.m.
  • Published: Feb. 17, 2025, 10:54 a.m.
  • Modified: Feb. 17, 2025, 11:22 a.m.

Indicators


Attack Patterns

  • Lynx
  • Brave Prince - S0252
  • T1491.001
  • T1490
  • T1059.003
  • T1547.001
  • T1070.004
  • T1562.001
  • T1005
  • T1489
  • T1486
  • T1082
  • T1083
  • T1055
  • T1053
  • T1485
  • T1112

Additional Information

  • Construction
  • Healthcare
  • Energy
  • Manufacturing
  • Canada
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America