Ransomware Group: LYNX

VICTIM NAME: cibraco

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a company based in Curitiba, Brazil, operating in the real estate sector with over 80 years of experience. The victim, identified as Cibraco Imóveis, specializes in property sales and rentals within the metropolitan area. Attackers publicly disclosed sensitive data associated with this organization, indicating a breach occurred on August 5, 2025. The breach was discovered shortly after the attack, on the same day, suggesting rapid detection or public reporting. The leak page includes a screenshot depicting internal data or documents, highlighting the compromised information. No specific details about the type or extent of data leaked are provided, but the presence of a dedicated claim URL indicates ongoing or completed data exfiltration efforts.

The leak page features a link to a dark web claiming portal, where the attackers have published the compromised information. Though the exact data leaked has not been detailed publicly, the website’s appearance and structure suggest the exposure may involve sensitive corporate data or internal communications. The attack group’s name is associated with “lynx,” but there is no indication of the specific methods used or the extent of the attack. The company’s official website remains operational, but the breach raises concerns over data security and confidentiality. Images that accompany the leak show internal documents or screenshots, underscoring the seriousness of the intrusion and potential risks for the company’s operations and reputation.