Lynx Ransomware Pouncing on Utilities

CIS CTI highlights an active 2024 ransomware threat from the Lynx group targeting U.S. utilities (energy, oil, gas), exploiting known vulnerabilities and phishing to gain access, terminating security and backup processes, deleting shadow copies, encrypting local and network data, and coercing victims via double extortion and public leak sites; the report includes associated URLs and SHA-256 IOCs and recommends defense-in-depth with CIS Controls, continuous vulnerability management, email/web protections, ICS-focused guidance, and CISA’s #StopRansomware resources.