Lynx Ransomware Group 'Industrializes' Cybercrime With Affiliates

The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality-controlled recruitment system to engage even more criminals.

Kristina Beek, Associate Editor, Dark Reading

January 28, 2025


NEWS BRIEF

The Lynx ransomware-as-a-service (RaaS) group has made a name for itself, standing out as a "highly organized platform" complete with a structured affiliate program and robust encryption methods.

Researchers at Group-IB investigated Lynx's operations and detailed how the group orchestrates its ransomware attacks and manages its list of victims.

Lynx's affiliate panel is divided into sections, such as news, companies, chats, leaks, and more. This "user-friendly" interface allows affiliates to create victim profiles, generate ransomware samples, and even manage schedules, among a variety of other features. The group provides its affiliates with an "All-in-One Archive" that contains binaries for Windows, Linux, and ESXi environments. It also has a competitive recruitment-driven strategy that incentivizes affiliates with an 80% share of ransom proceeds and a leak site dedicated to posting stolen data publicly if a ransom goes unpaid. 

The group's recruitment operation puts pen testers and skilled intrusion teams through a lengthy verification process. It reflects the group's emphasis on quality control and operational security, and on applicants having sufficient skills and experience before they can join the business.

Using these strategies and more, Lynx has established itself as what the researchers consider to be a "formidable RaaS operator." By combining ransomware builds, a structured affiliate ecosystem, and a detailed management system, the group has created "an industrial-scale approach to cybercrime."

The researchers recommend that organizations take essential steps to protect their operations, especially if they are within a critical industrial sector, by implementing multifactor authentication and credential-based access, deploying advanced endpoint detection and response solutions, scheduling backups, prioritizing updates and security awareness programs, and more. Further details can be found in Group-IB's research blog post.
