Ransomware Group: LYNX

VICTIM NAME: nactarome[.]eu

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the victim entity associated with the domain “nactarome.eu,” a company founded in 2018 and based in Bresso, Italy. The attacker group, identified as “lynx,” claimed responsibility for the attack, which was publicly disclosed on July 10, 2025. The attack date is recorded as July 9, 2025. The victim operates within the food and beverage industry, specializing in developing natural flavors, colors, and functional ingredients. The leak page includes a screenshot of the attack, possibly illustrating the attack’s impact or ransom note, along with a link to the claim website hosted on a dark web onion service. The compromised data seems to include technical details, but no specific sensitive information is revealed in the provided summary. The leak page emphasizes the seriousness of the attack and demonstrates the group’s capability to access and potentially leak proprietary information of targeted companies.

Additional details such as the nature of the data compromised are not explicitly provided, but the presence of the leak and the screenshot suggests that sensitive business information may have been accessed. The attack appears targeted, and the specific methods used are not detailed here. No evidence indicates the exposure of personally identifiable information (PII) of employees or customers. The group’s communication appears to aim at pressuring the victim into compliance without discloseing specifics about the leaked data. The incident underscores the importance of cybersecurity defenses for organizations within the food sector, especially those handling proprietary formulations. The leak site provides a public warning about the attack and demonstrates the capabilities of the ransomware group responsible.