Ransomware Group: LYNX

VICTIM NAME: Farmo Res

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LYNX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a victim identified as Farmo Res, an organization involved in the agriculture and food production industry based in Italy. The attack was discovered on April 23, 2025, with the threat actor indicating that approximately 300 gigabytes of sensitive private data are scheduled to be made publicly accessible within 48 hours. The page features a screenshot that appears to display internal documents or data excerpts, emphasizing the seriousness of the breach. No specific details about the type or nature of the compromised information are provided, but the mention of a large volume of data suggests significant operational impact for the victim.

The threat group responsible for this incident is identified as “lynx,” and the attack date is aligned with the discovery date, indicating a recent compromise. The leak notice includes a claim URL where further details or updates might be posted, although no sensitive or personally identifiable information is revealed. The organization’s website is provided, but no additional malware information or specific data types are disclosed publicly. The presentation emphasizes the potential exposure of private data, which could impact the organization’s operations and reputation. The inclusion of the screenshot highlights the possibility of compromised internal data or communications, underlining the severity of the incident.