The Lynx ransomware group claims to have compromised Grupo Ruiz, a leading firm in sustainable and innovative mobility based in Spain. With over a century of experience, the company is a pioneer in sustainable transport solutions, operating a significant portion of its fleet using compressed natural gas and electricity. Grupo Ruiz reportedly generates an income of approximately $83.8 million and focuses heavily on technological innovation and AI to optimize its transport processes.
The allegedly compromised data, which has been listed as “Proof” by the threat actors, reportedly includes a vast array of sensitive corporate and employee information. Based on the file structures and screenshots provided by the group, the exposed data includes:
-
Financial Records: Accounting ledgers (“CONTABILIDAD”), purchase records (“COMPRAS”), banking KYC documents (“KYC GRUPO RUIZ”), and tax filings (“HACIENDA”, “IMPUESTOS”).
-
Human Resources Data: Payroll files (“NOMINAS”), income certificates (“CertificadoIngresos.pdf”), employment offers, and general personnel files (“RRHH-CENTRAL”, “PERSONAL”).
-
Legal and Administrative Documents: Court files (“JUZGADOS”), insurance claims (“SEGUROS”, “SINIESTROS”), and fines (“MULTAS”).
-
Operational Details: Fleet management folders, driver information (including criminal record certificates for drivers), and internal administrative audits.
