Ransomware victim disclosure
← All victimsLynx Group
listed as LYNXSPA · Claimed by Morpheus · listed 1 year ago
Status timeline
- ListedJan 17, 2025
- Data leakeddate unknown
At a glance
- Group
- Morpheus
- Status
- Data leaked
- Country
- Spain
- Sector
- Technology
- Listed on leak site
- Jan 17, 2025
- Ransom demanded
- $292.5M
About the victim
AI dossier — public-source company profileLynx Group is an Italian system integrator and digital transformation specialist operating across 18 companies with over 1,600 employees across 20 locations in Italy, Spain, and Brazil. The group provides services in finance, energy & utilities, insurance, public administration, and industrial sectors, with expertise in cloud, microservices, machine learning, and enterprise application development.
- Industry
- System Integration & Digital Transformation Services
- Employees
- 1600+
Attack summary
Severity: medium — Data has been published and significant scale indicated by revenue claim ($292.5M), but the truncated leak post provides no specifics on data types, sensitivity, or proof artifacts. No regulated/sensitive data categories explicitly confirmed in available post excerpt.The morpheus group claims to have compromised Lynx Group and published exfiltrated data. The post references $292.5M in revenue but provides no specific details on data types exfiltrated or the scope of the breach.
What the group claims
**Website**: lynxspa.com **Revenue**: $292.5 Million Lynx, the Partner for Digital Transformation The Lynx Group specialises in the design and implementation of digital solutions, supporting large o
Sources
- Victim sitelynxspa.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

