[LYNX] – Ransomware Victim: toolsign[.]com
Ransomware Group: LYNX
VICTIM NAME: toolsign[.]com
NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
The ransomware leak page pertains to a company operating in the consumer services industry, headquartered in Neusorg, Bavaria, Germany. The organization employs between ten and nineteen staff members and generates an annual revenue ranging from one to five million euros. The breach was publicly announced on April 15, 2025, with the attack date recorded as April 15, 2025, at 16:22 local time. The leak was discovered approximately an hour later, indicating a swift identification of the incident. The leak site includes a screenshot of what appears to be internal documents or data, which suggests that sensitive information or data may have been compromised during the attack.
The leak page also indicates the presence of data potentially involving company information, and it includes a link to a dedicated claim URL for further details. Although no explicit details about the specific data exfiltrated are provided, the presence of a screenshot and a claim page suggests that confidential or operational data may be accessible. The company domain involved is ‘toolsign.com,’ and the attacker group associated with the leak appears to be ‘lynx,’ according to the information available. No additional information about the attack’s specifics, such as the type of ransomware used or the extent of data leaked, is present on this page.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
