Intel Name: Lynx ransomware: a rebranding of inc ransomware
Date of Scan: October 11, 2024
Impact: High
Summary: In July 2024, Palo Alto Networks identified Lynx ransomware, a successor to the earlier INC ransomware. Active in targeting sectors like retail, real estate, and finance in the U.S. and UK, Lynx shares significant source code with INC, which first appeared in August 2023. While Lynx currently has known Windows samples, Linux variants have yet to be confirmed. Operating under a ransomware-as-a-service (RaaS) model, this article explores the timeline of Lynx’s attacks and the evolving tactics of its threat actors. Palo Alto Networks offers enhanced protection against Lynx through its Network Security solutions and Cortex products.