Ransomware Group: LYNX

VICTIM NAME: Wilkie Sanderson

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an incident involving the manufacturing company associated with the victim, Wilkie Sanderson, located in the United States. The attack was detected on May 21, 2025, and the compromised data was publicly disclosed on the dark web on June 2, 2025. The attackers claim to have exfiltrated sensitive internal data, which has been made available for download via the provided link. The leak appears to involve confidential documents or internal information, although specific details are not disclosed to the public. The page includes a screenshot that may show internal notes or data, but no explicit sensitive information is shared. This attack highlights ongoing cybersecurity threats in the manufacturing sector, especially around data exfiltration and ransomware extortion tactics.

The incident involves a claim by a group identified as “lynx.” The leak’s primary purpose appears to be showcasing the exfiltrated data to pressure the victim into complying with demands or as part of extortion activities. The description states, “On time. Every time,” which may be a slogan or a generic phrase used by the attackers. The leak portal provides a claim URL for further verification or negotiation, but no personally identifiable information or company-specific details are disclosed publicly. A relevant screenshot demonstrates the nature of the data leak, likely depicting internal data or documents. The incident underscores the persistent cyber threats faced by manufacturing companies, with attackers leveraging ransomware to extract valuable business information.”