{"id":7111,"date":"2025-01-28T16:45:38","date_gmt":"2025-01-28T22:45:38","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/lynx-raas-group-industrializes-cybercrime-with-affiliate-operations"},"modified":"2025-01-28T16:45:38","modified_gmt":"2025-01-28T22:45:38","slug":"lynx-ransomware-group-industrializes-cybercrime-with-affiliates","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/01\/28\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates\/","title":{"rendered":"Lynx Ransomware Group &#8216;Industrializes&#8217; Cybercrime With Affiliates"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt707d3dee1a75760e\/679955607700b455e6d1ed44\/lynx1800_WilliamMullins_alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">NEWS BRIEF<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" 
target=\"_self\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/russian-ransomware-gangs-hunt-pen-testers\">Lynx ransomware-as-a-service<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> (RaaS) group has made a name for itself, standing out as a &#8220;highly organized platform&#8221; complete with a structured affiliate program and robust encryption methods.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Researchers at Group-IB investigated Lynx&#8217;s operations and detailed how the group orchestrates its ransomware attacks and manages its list of victims.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Lynx&#8217;s affiliate panel is divided into sections, such as news, companies, chats, leaks, and more. This &#8220;user-friendly&#8221; interface allows affiliates to create victim profiles, generate ransomware samples, and even manage schedules, among a variety of other features. The group provides its affiliates with an &#8220;All-in-One Archive&#8221; that contains binaries for Windows, Linux, and ESXi environments. 
It also has a competitive recruitment-driven strategy that incentivizes affiliates with an 80% share of ransom proceeds and a leak site dedicated to posting stolen data publicly if a ransom goes unpaid.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The group&#8217;s recruitment operation requires a lengthy verification process for pen testers and skilled intrusion teams, which shows how the group emphasizes quality control, operational security, and sufficient skills and experience before an applicant is able to join the business.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Using these strategies and more, Lynx has established itself as what the researchers consider to be a &#8220;formidable RaaS operator.&#8221; By combining ransomware builds, a structured affiliate ecosystem, and a detailed management system, the group has created &#8220;an industrial-scale approach to cybercrime.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The researchers recommend that organizations take essential steps to protect their operations, especially if they are within a critical industrial sector, by implementing multifactor authentication and credential-based access, deploying advanced endpoint detection and response solutions, scheduling backups, prioritizing updates and security awareness programs, and more. 
Further details can be found in Group-IB&#8217;s research <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.group-ib.com\/blog\/cat-s-out-of-the-bag-lynx-ransomware\/\">blog post<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">.&nbsp;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/lynx-raas-group-industrializes-cybercrime-with-affiliate-operations\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NEWS BRIEF The Lynx ransomware-as-a-service (RaaS) group has made a<\/p>\n","protected":false},"author":12,"featured_media":7112,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-7111","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uplo
ads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category 
tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/lynx-ransomware-group-industrializes-cybercrime-with-affiliates-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7111"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7111\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/7112"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}