Ransomware Group: LYNX

VICTIM NAME: GRECA Asfaltos (grupogreca[.]com[.]br)

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to GRECA Asfaltos, a prominent company specializing in asphalt production, logistics, and financial solutions within Brazil. The attack was confirmed to have occurred on June 4, 2025. The overview provided on the leak page emphasizes the company’s long-standing history of over 60 years, highlighting its contribution to infrastructure development across Brazil with 14 operational units in 10 states. The description underscores GRECA’s commitment to quality, technological innovation, and continuous growth, reflecting its status as a major player in the Brazilian construction industry. The leak page included a screenshot depicting internal documents, indicating potential data exposure related to the company’s operations.

The leak suggests that malicious actors targeted the company’s network, possibly to access proprietary or operational data. The incident was disclosed publicly through the leak site, and a hyperlink to the claim page is provided for further details. Despite the attack, no specific sensitive information, such as PII or confidential data, has been explicitly detailed in the summary. The screenshot provided indicates a visual representation of internal content, which might include operational or corporate information. The site also contains links for potential data downloads, implying that compromised data may be available for review. The incident didn’t report any external threat actors besides the ransomware group involved. No information about the number of affected employees or third-party impacts was revealed.