Ransomware Group: LYNX

VICTIM NAME: diyar[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to the victim website diyar.com, which specializes in architecture, engineering, and design services. The breach was discovered on May 16, 2025, approximately at 23:04. The attackers released various data associated with the organization and included screenshots of internal documents. The leak was attributed to the group known as “lynx.” The compromised data involves information stored on the victim’s server, and the leak page provides a claim URL linking to the detailed leak report through a Tor domain. The incident is notable due to the encryption of sensitive data and the leak of internal materials, which could impact the company’s reputation and operational security.

The leak contains evidence of data exfiltration, including details such as the number of employees, third-party domain associations, and infostealer activity involving multiple malware families. Notable infostealer tools detected include Azorult, Lumma, Raccoon, RedLine, StealC, and Vidar, indicating a sophisticated phishing and data theft campaign. The leak page also features a screenshot illustrating compromised data or internal systems. While specific PII is not disclosed publicly, the amount of exposed information could potentially be exploited if further examined. The attack demonstrates the threat posed by cybercriminal groups targeting organizational vulnerabilities and emphasizing the importance of robust cybersecurity measures.