In a reminder to button up your station’s cyber security, WDEF in Chattanooga, Tennessee was hit by ransomware called Lynx, according to Cybernews.
We asked WDEF about it, but haven’t heard back.
On May 1, Lynx posted data samples on the dark web that looked like confidential agreements with the CBS affiliate’s employees.
Ransomware gangs often list victims on their dark web leak sites, attempting to extort organizations into paying a ransom for the stolen data or face dealing with a damaging leak.
Caught on the radar in mid-2024, the gang is operating as Ransomware-as-a-Service (RaaS) and is known to target organizations in the finance, architecture, and manufacturing sectors.
Darktrace’s Threat Research teams also uncovered Lynx-related incidents targeting energy and retail sectors across the Middle East and Asia-Pacific (APAC) regions.
According to Cybernews’ in-house surveillance tool, Ransomlooker, the gang has listed 196 victims since 2024, and is among the key players in the ransomware scene.
Unit42 researchers identify that Lynx’s malware shares significant portions of its source code with the INC ransomware variant, indicating the group likely repurposed readily available INC code to craft its own custom strain.On their leak site, Lynx gang claims that they have a clear intention to avoid undue harm to organizations.
They claim to follow ethical policies and not target governmental institutions, hospitals, or non-profit organizations, as “these sectors play vital roles in society.”
“Our operational model encourages dialogue and resolution rather than chaos and destruction,” write the gang.