Ransomware Group: LYNX

VICTIM NAME: kosmas[.]cz

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an online bookstore operating in the Czech Republic, identified as Kosmas.cz. The incident was discovered on May 28, 2025, and the attack itself was carried out on May 20, 2025. The compromised entity employs a small team of three employees. The attackers claimed responsibility through a dark web link, indicating they accessed and possibly exfiltrated sensitive data from the company’s systems. The leak includes references to various information-stealing malware families, such as RedLine, Raccoon, and Atomique, suggesting the attackers used multiple tools to gather and extract data. The presence of above 500 targeted users and the potential exposure of their information adds to the seriousness of the breach. The page features a relevant screenshot showing internal information and includes various download or leak links for the stolen data.

The compromised data likely contains internal documents, user information, and business-related data, which could be exploited for further malicious activities or identity theft. The attack incident highlights the cybersecurity vulnerabilities of small-scale organizations in the technology sector, especially online retail stores handling sensitive customer information. The leak page exposes details about the attack timeline, the malware used, and the extent of data targeted, emphasizing the importance of robust security measures. The disclosure of this breach underscores ongoing threats faced by e-commerce platforms, particularly those with limited cybersecurity resources. The leak’s evidence, including a screenshot of internal pages, suggests internal reconnaissance by the threat actors for future exploitation or ransom negotiations.