Ransomware Attack Hits Johnson Laschober & Associates by Lynx
Incident Date:
August 6, 2024
Overview
Title
Ransomware Attack Hits Johnson Laschober & Associates by Lynx
Victim
Johnson Laschober & Associates
Attacker
Lynx
Location
First Reported
August 6, 2024
Ransomware Attack on Johnson Laschober & Associates by Lynx
On August 8, 2024, Johnson Laschober & Associates, P.C. (JLA), a professional architecture and engineering firm, discovered they had fallen victim to a ransomware attack orchestrated by the threat actor group known as Lynx. The attack targeted their website, thejlagroup.com, raising significant concerns about the security of sensitive information handled by the firm.
About Johnson Laschober & Associates
Johnson Laschober & Associates, P.C. (JLA) is a comprehensive architecture and engineering firm with over 40 years of experience, primarily serving clients in Augusta, Georgia, and Charleston, South Carolina. The firm specializes in a variety of professional design services, including architecture, civil engineering, electrical engineering, mechanical engineering, structural engineering, landscape architecture, and interior design. JLA's mission centers on client satisfaction, emphasizing exceptional value, professionalism, and integrity in all their projects.
Company Size and Industry Standing
JLA employs between 11 to 50 individuals, indicating a relatively small to medium-sized firm within the architecture and engineering industry. The firm is recognized for its significant presence in the Southeast region of the United States, catering to both private and public-sector clients. JLA has garnered several awards for its projects, including recognition from the American Council of Engineering Companies and Historic Augusta, highlighting its expertise in both new constructions and renovations.
Vulnerabilities and Attack Overview
The ransomware attack on JLA underscores the vulnerabilities that even well-established firms face in the digital age. The Lynx ransomware group, known for its double extortion tactics, likely penetrated JLA's systems through phishing emails or malicious downloads. Once inside, Lynx encrypted critical files, appending the ".LYNX" extension, and left a ransom note demanding payment to prevent data leakage.
About the Lynx Ransomware Group
Lynx is a ransomware variant that targets files on infected systems, appending the ".LYNX" extension to each one. The group employs advanced encryption algorithms, making it nearly impossible to recover files without the decryption key. Lynx typically spreads through phishing emails, malicious downloads, and other deceptive methods. The attackers behind Lynx are likely part of a larger, organized ransomware-as-a-service operation, utilizing professional-grade tools and methods.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.