By Shunichi Imano and Fred Gutierrez | February 14, 2025
FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.
This edition of the Ransomware Roundup covers the Lynx ransomware.
Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows
Impact: Encrypts victims' files and demands ransom for file decryption
Severity level: High
Lynx Ransomware Overview
The first sample of the Lynx ransomware was made available on a publicly available file-scanning site in early July 2024, which coincides with other reports of its first availability.
Our research found that the Lynx and INC ransomware, which first appeared in July 2023, look very similar. However, INC offers fewer options at the execution phase. We believe that INC ransomware is a predecessor to the Lynx ransomware. While INC ransomware is available for the Windows and ESXi platforms, we have not found a Lynx variant of the ransomware that affects non-Windows environments.