Ransomware Group

lynx

Lynx is a ransomware-as-a-service operation that emerged in mid-2024 as a rebrand of INC Ransomware (whose source code was sold for $300,000 on the RAMP forum), claiming ~300 victims across manufacturing, business services, technology, and transportation with an 80/20 profit split for affiliates.

411 Known Victims

Threat Level

HIGH

Known Infrastructure

The following Tor hidden services have been associated with this group:

lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion
lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion
lynxblogco7r37jt7p5wrmfxzqze7ghxw6rihzkqc455qluacwotciyd.onion
lynxblogijy4jfoblgix2klxmkbgee4leoeuge7qt4fpfkj4zbi2sjyd.onion
lynxblogmx3rbiwg3rpj4nds25hjsnrwkpxt5gaznetfikz4gz2csyad.onion

⚠️ Warning: These are malicious sites. Do not visit without proper security measures.

Check If You're Affected

Search our database to see if your organization appears in lynx's victim list.

Try It NowFree

Try:|

Get instant threat analysis with risk scores, threat categories, and detailed reports.

Other Active Ransomware Groups

Lockbit Blackcat Cl0p Play Bianlian Akira Medusa Rhysida