Ransomware Group: LYNX

VICTIM NAME: dhsmithco[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The compromised entity is a company operating within the Commercial & Residential Construction industry. The attack was identified on April 15, 2025, and was publicly disclosed a few days later on April 18, 2025. The leak page contains a screenshot, which appears to display internal information or documents related to the company. The website associated with the victim is dhsmithco.com, which has a workforce estimated between 50 and 99 employees, and an annual revenue ranging from one to five million dollars. The leak may include sensitive data or files, and the page features download links or exposed data files. The overall activity points to a targeted attack on a mid-sized construction firm, potentially exposing operational or client-related information.

The leak page is maintained by a group identified as “lynx” and includes visual evidence through a screenshot link. No further personal or PII details are disclosed publicly. The attack date indicates a deliberate breach, with the compromised data potentially affecting the company’s confidentiality and operations. The incident underscores the importance of cybersecurity measures for organizations in the construction sector to prevent similar attacks. The leak’s content appears to focus on data exfiltration and possibly detailed internal documents, which could have wider implications if exploited. The information provided aims to inform about the attack without revealing sensitive or proprietary details.