Ransomware Group: LYNX

VICTIM NAME: Hanson Chambers

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Published on 26 August 2025 at 18:33:44, a leak page attributed to the Lynx ransomware group identifies Hanson Chambers as the victim. Hanson Chambers is described as a barristers’ chambers based in Adelaide, South Australia, providing legal representation and advisory services through an established team. The post presents the incident as a data-leak event, indicating that the attackers gained unauthorized access to the victim’s systems and exfiltrated data, which aligns with the double-extortion pattern seen in modern ransomware campaigns. A ransom-related note on the page references a payment amount of five million USD and a timestamp linked to 26/08/2025, and the page notes that a claim URL is present, suggesting a channel for negotiation or verification of the theft.

The leak page includes eight image attachments that appear to be screenshots of internal documents or materials related to Hanson Chambers’ operations. These images are hosted on onion-domain endpoints, with the actual URLs defanged in the presentation. Some attachments carry minimal or ambiguous captions such as “disclosured,” and the overall collection supports the page’s claim of data exfiltration. The publication date serves as the official release date for the leak, reinforcing the ongoing risk to professional services firms, particularly within the legal sector, from ransomware actors seeking to publicly disclose stolen materials or demand payment.