Ransomware Group: LYNX

VICTIM NAME: abfe

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page attributed to abfe presents a ransomware-style claim in which the attackers state that abfe’s environment has been encrypted and that a substantial data footprint is involved. The visible excerpt references encryption and lists a data volume described as 35 GB, with an additional numeric value appearing in the text. The post is dated August 20, 2025, and the material is labeled Confidential. While the page does not clearly identify a formal industry, the accompanying text describes abfe as a supplier of pressure‑sensitive adhesives for multiple sectors, including aerospace, automotive, graphics, HVAC and insulation, industrial, footwear, and surface protection. The page places the victim in Singapore. No explicit ransom amount is shown in the accessible text, and there is no clearly stated compromise date beyond the post date.

The page contains five image attachments that appear to be screenshots or scans of internal documents. The images are hosted behind onion-style addresses, and their contents are not described in detail on the page. The presence of multiple images aligns with common ransomware leak-page practice, providing visual material to corroborate the claimed data exfiltration or encryption. The entry retains the victim name as abfe and marks the material as Confidential.

Additional context observed includes a claim URL indicator on the page, suggesting there may be a link or pathway for negotiation or data access. There is no explicit compromise date provided; the post date (August 20, 2025) serves as the timestamp for the leak. The content notes a data footprint described in the excerpt, with no ransom figure disclosed within the visible text. Overall, the page presents a ransomware‑focused claim centered on encryption, with evidence in the form of five images and a confidential categorization, attributed to the victim abfe.