Ransomware Group: LYNX

VICTIM NAME: www[.]pefco[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to PEFCO, a company engaged in facilitating U.S. export financing, primarily serving the financial services sector in the United States. The breach was discovered on August 2, 2025, following an attack that occurred earlier, on July 29, 2025. The leak exposes details related to the company’s operations, including its role in providing export loans backed by government guarantees. The leak page includes a screenshot of internal documents, indicating that sensitive operational data may have been compromised. No sensitive personal information such as PII or financial account details appears to be explicitly disclosed in the leaked content. The presence of download links suggests some data has been made available to the public through the leak. The targeted company functions as both a lender and a secondary market buyer, supporting small businesses and exporters through various financial programs. The incident highlights vulnerabilities within the financial services sector, especially those involved in export finance activities, and underscores the need for enhanced cybersecurity measures to prevent such breaches in the future.

The leak appears to include visual evidence, such as screenshots of internal documents or server interfaces, which might contain operational or strategic information. Although the leak does not specify the exact data taken, the event underlines the threat posed by ransomware groups targeting critical financial infrastructure. The attack’s timing and the nature of the leak suggest a possible intent to disrupt or threaten the company’s operations. No personal or PII data of clients or stakeholders is directly referenced in the available information, indicating that the breach may be limited to internal or operational data. This incident demonstrates the ongoing risks faced by financial institutions, particularly those involved in export credit facilitation, in the face of increasingly sophisticated cyber threats.