Live Latest activity →
LY

lynx

Known ransomware group
Dormant / low-volume

Lynx is a ransomware-as-a-service operation that emerged in 2024, widely assessed as a successor to or rebrand of INC Ransom based on overlapping code and infrastructure. It practices double extortion against small and mid-sized businesses across multiple sectors.

1

Total Claims

1

Critical

Records Claimed

1

Industries Hit

Active span: May 10, 2026 – May 10, 2026 · 1 organizations targeted

Dormant / low-volume
Activity 1.9 Severity 10.0 Sectors 2.3 Tooling 3.0

Actor Threat Profile

Activity Timeline

Peak: May 2026 (1)
May 2026
LessMore
May 2026

Share this profile

Shareable intel card for lynx

Top Targeted Industries

Healthcare 1

Tradecraft & Infrastructure

2

Documented tools

9 / 13

MITRE tactics / techniques

10

Known leak sites

DiscoveryEnumExfiltration
Full intelligence profile on ransomware.live →

Targeted Organizations

lifelongaccess.org

Claims by lynx

Critical

Ransomware Claim: lifelongaccess.org

lifelongaccess.org
lynx
Ransomware Healthcare
May 11, 2026

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.