Lynx Ransomware Group ‘Industrializes’ Cybercrime With Affiliates www.darkreading.com/threat-in…

The Lynx ransomware-as-a-service (RaaS) group has made a name for itself, standing out as a “highly organized platform” complete with a structured affiliate program and robust encryption methods.

Researchers at Group IB investigated Lynx’s operations and detailed how the group orchestrates its ransomware attacks and manages its list of victims.

Lynx’s affiliate panel is divided into sections, such as news, companies, chats, leaks, and more. This “user-friendly” interface allows affiliates to create victim profiles, generate ransomware samples, and even manage schedules, among a variety of other features. The group provides its affiliates with an “All-in-One Archive” that contains binaries for Windows, Linux, and ESXi environments. It also has a competitive recruitment-driven strategy that incentivizes affiliates with an 80% share of ransom proceeds and a leak site dedicated to posting stolen data publicly if a ransom goes unpaid.