Ransomware Group: LYNX

VICTIM NAME: pay4freight[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware attack targeted Pay4Freight, a logistics company specializing in freight factoring services based in the United States. The attack date is recorded as April 24, 2025, and the breach was publicly disclosed shortly after on April 25, 2025. The leaked data includes information related to the company’s operations, services, and potentially sensitive business details. The leak appears to be part of a coordinated effort by a threat group linked to the group’s name, “lynx.” The incident involves the publication of screenshots and other data leaks that suggest the exfiltration of internal data, possibly including employee and client information, although specific PII has been redacted and not disclosed. Download links and leaked data files were observed, indicating the attackers possibly exfiltrated significant volumes of data for ransom purposes or publication. The website image shows screenshots of internal documents or system interfaces, highlighting the severity of the breach. No personal or customer PII has been publicly shared in the leak, consistent with responsible disclosure standards. The attack emphasizes the ongoing risk faced by transportation and logistics companies, especially those handling financial transactions and sensitive operational data. The breach highlights the importance of robust cybersecurity measures to protect against such threats. The attack’s impact appears focused on operational disruption and potential reputation damage, with the full extent of the data compromised yet to be fully determined. The publicly accessible leak page suggests the threat actors are leveraging the incident for extortion or notoriety, with ongoing communication taking place via the provided claim URL.