Ransomware Group: LYNX

VICTIM NAME: True World Group LLC

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 19, 2025, a leak post attributed to the Lynx group publicly identifies True World Group LLC as a victim of a ransomware incident. The leak’s metadata places the company in the United States and describes True World Group LLC as a major, diversified seafood-products business with global operations. The post frames the event as a data-leak scenario rather than a straightforward encryption incident, aligning with common double-extortion patterns where stolen data is exposed or offered for sale. Although the accessible excerpt does not present a clear ransom amount, it includes a line labeled “Proof” containing a large numeric value and a date, which appears to serve as a verifiable claim of exfiltration. No explicit compromise date is shown; thus, the post date serves as the primary timestamp for this release. The page also indicates the presence of a dedicated claim URL for the case, suggesting additional attacker-provided details may be accessible elsewhere on the leak site.

Visual evidence accompanying the leak consists of eight image attachments that appear to be screenshots or internal documents. These images are hosted via onion-based endpoints, a tactic frequently used by ransomware actors to distribute or prove leaked data. Some attachments carry alt text such as “disclosured,” signaling partial disclosure of their contents. The page does not provide direct public downloads, and the available excerpt does not reveal personal contact details or other PII. Taken together, the leak asserts a data-exfiltration breach against True World Group LLC, supported by multiple visual proofs, though no explicit ransom figure is shown within the excerpt provided.