Ransomware Attack Disrupts Funlab Operations, Lynx Group Involved
Ransomware Attack on Funlab: Lynx Group Claims Responsibility
Funlab Pty Ltd, a prominent entertainment provider in Australia, recently experienced a ransomware attack executed by the Lynx group. Known for its creative venues like Strike Bowling and Holey Moley, Funlab operates over 53 locations across Australia, New Zealand, and the United States. The company is celebrated for its "competitive socialized experiences," which merge fun and competition in a social environment, appealing to both children and adults.
Company Profile and Vulnerabilities
Founded in 2001, Funlab has expanded significantly, employing approximately 2,500 people. The company's digital transformation initiatives, including a comprehensive digital ecosystem developed with Merkle Australia and Salesforce, have bolstered its online presence. However, this digital growth may have also introduced vulnerabilities that threat actors like Lynx could exploit. The integration of various digital platforms, while advantageous for customer engagement, can create potential entry points for cyberattacks.
Attack Overview
The ransomware attack took place over the weekend of September 20–22, severely affecting Funlab's IT infrastructure. Lynx claims to have accessed sensitive company data, including directories labeled "payroll," "finance," and "Gsuite backup." Screenshots of budget spreadsheets and internal communications were shared on Lynx's dark web portal. Despite the breach, Funlab restored its operations within 48 hours and stated that guest data remains secure. However, some information belonging to current and former employees may have been accessed, prompting the company to offer support to affected individuals.
About Lynx Ransomware Group
Lynx ransomware, which emerged in July 2024, operates under a Ransomware-as-a-Service model, employing both single and double extortion techniques. The group is believed to be a rebranding of the INC ransomware, and the two share similarities in their source code. Lynx primarily targets Windows environments, using phishing campaigns and malicious downloads as initial infection vectors. The group distinguishes itself by its aggressive strategy, causing maximum disruption and listing non-compliant victims on its TOR-hosted leak site.
Potential Penetration Methods
Considering Lynx's operational tactics, the attack on Funlab likely involved phishing campaigns or malicious downloads to infiltrate the company's systems. The integration of multiple digital platforms in Funlab's operations could have provided various entry points for the ransomware, allowing Lynx to execute its attack effectively.