Greenhouse People Hit by Lynx Ransomware: 30GB Data Stolen

Incident Date: July 29, 2024

Overview

Title: Greenhouse People Hit by Lynx Ransomware: 30GB Data Stolen
Victim: The Greenhouse People
Attacker: Lynx
Location: Cresswell, United Kingdom
First Reported: July 29, 2024

Ransomware Attack on The Greenhouse People by Lynx Group

The Greenhouse People, a prominent UK-based company specializing in the design, manufacture, and retail of greenhouses and garden buildings, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group Lynx. The attack has resulted in the exfiltration of approximately 30GB of data and the encryption of critical systems, including an Active Directory dump.

Company Overview

Established in December 2003, The Greenhouse People is a family-owned business headquartered in Cresswell, Stoke-on-Trent. With nearly 30 years of experience in the greenhouse trade, the company offers a diverse range of products, including aluminum and timber greenhouses, accessories, and free advice and planning assistance. They manufacture approximately 70% of their products in Staffordshire and operate over 35 display sites across England and Scotland. The company is known for its high-quality standards and exceptional customer service, boasting an average rating of 4.83 from nearly 5,800 reviews on Trustpilot.

Attack Overview

The ransomware attack was publicly disclosed on July 17, 2024, and has since garnered 125 views. The attackers, identified as the Lynx group, exploited vulnerabilities in The Greenhouse People's Active Directory setup to gain access to their systems. The breach led to the encryption of critical data, with a ransom demand of $18,100,000. The attackers have threatened to leak the stolen data if the ransom is not paid, employing a tactic known as double extortion.

About Lynx Ransomware Group

Lynx is a ransomware variant that targets files on infected systems, appending the ".LYNX" extension to each one. The group is known for its professional-grade tools and methods, often spreading through phishing emails, malicious downloads, and other deceptive techniques. Once the encryption process is complete, Lynx changes the desktop wallpaper and creates a "README.txt" file, both displaying the ransom note. The note directs victims to a Tor network site, increasing pressure to pay the ransom by threatening to leak the data.

Vulnerabilities and Penetration

The Greenhouse People were targeted due to vulnerabilities in their Active Directory setup, which the Lynx group exploited to gain unauthorized access. The attack highlights the importance of securing critical systems and regularly updating security protocols to prevent such breaches. Traditional security tools often detect Lynx only after the encryption has occurred, making it challenging to recover files without the decryption key held by the attackers.
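The ".LYNX" extension and "README.txt" note described above are file-system signals a defender can watch for while encryption is still in progress. The following is an added example, not code from this page or from any vendor: the event format, host names, window and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

WINDOW = timedelta(seconds=60)  # assumed look-back window
MIN_RENAMES = 3                 # assumed threshold, kept low for the small sample
MIN_NOTE_DIRS = 2               # README.txt is a common name, so require several folders

# Constructed sample events: "<ISO time> <host> <action> <path>"
SAMPLE_EVENTS = r"""
2024-01-01T02:14:01 FS01 RENAME C:\Shares\Sales\q1.xlsx.LYNX
2024-01-01T02:14:02 FS01 RENAME C:\Shares\Sales\q2.xlsx.LYNX
2024-01-01T02:14:02 FS01 CREATE C:\Shares\Sales\README.txt
2024-01-01T02:14:03 FS01 RENAME C:\Shares\HR\staff list.docx.LYNX
2024-01-01T02:14:04 FS01 CREATE C:\Shares\HR\README.txt
2024-01-01T09:00:00 WS07 CREATE C:\Users\amy\project\README.txt
2024-01-01T09:30:00 WS07 RENAME C:\Users\amy\lynx-photo.jpg
"""

def detect_lynx_activity(log_text):
    """Return {host: (first_alert_time, reason)} for hosts showing the pattern."""
    recent = defaultdict(deque)  # host -> (time, kind, directory) inside the window
    alerts = {}
    for line in log_text.strip().splitlines():
        stamp, host, action, path = line.split(maxsplit=3)  # path may contain spaces
        when = datetime.fromisoformat(stamp)
        p = PureWindowsPath(path)
        if action == "RENAME" and p.suffix.lower() == ".lynx":
            kind = "encrypted"
        elif action == "CREATE" and p.name.lower() == "readme.txt":
            kind = "note"
        else:
            continue
        q = recent[host]
        q.append((when, kind, str(p.parent).lower()))
        while when - q[0][0] > WINDOW:  # drop events that fell out of the window
            q.popleft()
        renames = sum(1 for _, k, _ in q if k == "encrypted")
        note_dirs = {d for _, k, d in q if k == "note"}
        if host not in alerts and (renames >= MIN_RENAMES or len(note_dirs) >= MIN_NOTE_DIRS):
            reason = "rename burst" if renames >= MIN_RENAMES else "ransom notes"
            alerts[host] = (when, reason)
    return alerts

if __name__ == "__main__":
    for host, (when, reason) in detect_lynx_activity(SAMPLE_EVENTS).items():
        print(host, when.isoformat(), reason)
```

In the constructed sample the alert fires on the third rename on FS01, while WS07's single README.txt and unrelated rename do not trigger it.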
