Greenhouse People Hit by Lynx Ransomware: 30GB Data Stolen

Incident Date: Jul 29, 2024

Attack Overview
Victim: The Greenhouse People
Industry: Retail
Location: United Kingdom
Attacker: Lynx
First Reported: July 29, 2024

Ransomware Attack on The Greenhouse People by Lynx Group

The Greenhouse People, a prominent UK-based company specializing in the design, manufacture, and retail of greenhouses and garden buildings, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group Lynx. The attack has resulted in the exfiltration of approximately 30GB of data and the encryption of critical systems, including an Active Directory dump.

Company Overview

Established in December 2003, The Greenhouse People is a family-owned business headquartered in Cresswell, Stoke-on-Trent. With nearly 30 years of experience in the greenhouse trade, the company offers a diverse range of products, including aluminum and timber greenhouses, accessories, and free advice and planning assistance. They manufacture approximately 70% of their products in Staffordshire and operate over 35 display sites across England and Scotland. The company is known for its high-quality standards and exceptional customer service, boasting an average rating of 4.83 from nearly 5,800 reviews on Trustpilot.

Attack Overview

The ransomware attack was publicly disclosed on July 17, 2024, and has since garnered 125 views. The attackers, identified as the Lynx group, exploited vulnerabilities in The Greenhouse People's Active Directory setup to gain access to their systems. The breach led to the encryption of critical data, with a ransom demand of $18,100,000. The attackers have threatened to leak the stolen data if the ransom is not paid, employing a tactic known as double extortion.

About Lynx Ransomware Group

Lynx is a ransomware variant that targets files on infected systems, appending the ".LYNX" extension to each one. The group is known for its professional-grade tools and methods, often spreading through phishing emails, malicious downloads, and other deceptive techniques. Once the encryption process is complete, Lynx changes the desktop wallpaper and creates a "README.txt" file, both displaying the ransom note. The note directs victims to a Tor network site, increasing pressure to pay the ransom by threatening to leak the data.

Vulnerabilities and Penetration

The Greenhouse People were targeted due to vulnerabilities in their Active Directory setup, which the Lynx group exploited to gain unauthorized access. The attack highlights the importance of securing critical systems and regularly updating security protocols to prevent such breaches. Traditional security tools often detect Lynx only after the encryption has occurred, making it challenging to recover files without the decryption key held by the attackers.
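
The file-system behaviour described above (files gaining the ".LYNX" extension, then a "README.txt" note once encryption finishes) can be expressed as a detection rule over file events. The Python below is an added example, not code from the original page or from any vendor; the event format, host names, threshold and time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format: "ISO time|host|action|path").
SAMPLE_EVENTS = r"""
2024-01-01T09:00:01|WS-01|rename|C:\Users\a\Docs\plan.docx.LYNX
2024-01-01T09:00:02|WS-01|rename|C:\Users\a\Docs\q1.xlsx.LYNX
2024-01-01T09:00:03|WS-02|create|C:\Tools\README.txt
2024-01-01T09:00:04|WS-01|rename|C:\Users\a\Docs\site.pdf.LYNX
2024-01-01T09:00:09|WS-01|create|C:\Users\a\Docs\README.txt
2024-01-01T09:01:00|WS-03|rename|D:\Share\a.txt.LYNX
2024-01-01T09:06:00|WS-03|rename|D:\Share\b.txt.LYNX
2024-01-01T09:12:00|WS-03|rename|D:\Share\c.txt.LYNX
2024-01-01T09:20:00|WS-04|rename|E:\cad\frame.dwg.LYNX
2024-01-01T09:20:05|WS-04|rename|E:\cad\door.dwg.LYNX
2024-01-01T09:20:09|WS-04|rename|E:\cad\roof.dwg.LYNX
""".strip().splitlines()

LYNX_EXT = ".lynx"        # extension named on the page, compared case-insensitively
NOTE_NAME = "readme.txt"  # ransom note file name named on the page


def detect(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {host: reason}. Events are assumed to arrive in time order."""
    recent = defaultdict(deque)  # host -> times of .LYNX writes inside the window
    bursts = set()               # hosts that already crossed the threshold
    alerts = {}
    for line in lines:
        ts_raw, host, action, path = line.split("|", 3)
        ts = datetime.fromisoformat(ts_raw)
        name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if action in ("rename", "create") and name.endswith(LYNX_EXT):
            q = recent[host]
            q.append(ts)
            while ts - q[0] > window:  # drop events older than the window
                q.popleft()
            if len(q) >= threshold:    # alert while encryption is still running
                bursts.add(host)
                alerts.setdefault(host, "extension-burst")
        elif action == "create" and name == NOTE_NAME and host in bursts:
            # README.txt alone is common; it only counts after a burst.
            alerts[host] = "extension-burst+ransom-note"
    return alerts


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

A low threshold raises the alert during encryption rather than after the note appears, which is the gap the paragraph above points at.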
