Ransomware victim disclosure
← All victimsVir Biotechnology
listed as VIR · Claimed by Lynx · listed 10 months ago
Status timeline
- ListedSep 24, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Sep 24, 2025
About the victim
AI dossier — public-source company profileVir Biotechnology is a clinical-stage immunology company headquartered in San Francisco, California, founded in 2016. The company focuses on combining immunologic insights with cutting-edge technologies to develop treatments and preventive therapies for serious infectious diseases. It operates at the intersection of immunology and biotechnology, with programs targeting diseases such as hepatitis B, HIV, and respiratory viruses.
- Industry
- Clinical-Stage Biotechnology & Infectious Disease Immunology
- Address
- 499 Illinois Street, San Francisco, California 94158, United States
- Employees
- 201-500
- Founded
- 2016
Attack summary
Severity: critical — Vir Biotechnology is a clinical-stage biotech company handling sensitive research data, potential clinical trial data, regulated scientific and employee PII, and proprietary immunology IP. Data has been confirmed published, meaning exfiltration is not merely claimed but actioned, warranting critical severity given the regulated and sensitive nature of biotech/clinical data.The Lynx ransomware group claims to have attacked Vir Biotechnology and has published data ('data_published' status), indicating confirmed exfiltration of company data. The specific categories of exfiltrated data are not enumerated in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate business data
- Research and development files
- Employee records
- Financial documents
- Clinical/scientific data
What the group claims
Vir Biotechnology is a clinical-stage immunology company that focuses on combining immunologic insights with technologies to treat and prevent serious infectious diseases. The company was founded in 2016 and is headquartered in San Francisco, California
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

