{"id":133558,"date":"2025-11-18T05:42:51","date_gmt":"2025-11-18T05:42:51","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=133558"},"modified":"2025-11-18T05:42:56","modified_gmt":"2025-11-18T05:42:56","slug":"threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/","title":{"rendered":"Threat Actors Leveraging Compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server Backups"},"content":{"rendered":"\n<p>Lynx ransomware has emerged as a significant threat to enterprise environments, with recent intrusions demonstrating sophisticated attack strategies that prioritize data exfiltration and infrastructure destruction.<\/p>\n\n\n\n<p>The malware campaign combines compromised credentials with careful planning to ensure maximum impact on target networks.<\/p>\n\n\n\n<p>Security researchers continue to <a href=\"https:\/\/cybersecuritynews.com\/tenable-network-monitor-vulnerabilities\/\" target=\"_blank\" rel=\"noreferrer noopener\">monitor<\/a> this evolving threat as attackers refine their techniques and expand their targeting scope across various industries.<\/p>\n\n\n\n<p>The attack chain reveals a methodical approach where threat actors gain initial access through compromised Remote Desktop Protocol credentials, likely sourced from infostealer <a href=\"https:\/\/cybersecuritynews.com\/chatgpt-powered-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">malware<\/a>, data breaches, or initial access brokers.<\/p>\n\n\n\n<p>What distinguishes this campaign is the extended preparation phase before ransomware deployment. 
Attackers spend days conducting reconnaissance, mapping network infrastructure, and establishing persistent backdoors rather than rushing to encrypt systems immediately.<\/p>\n\n\n\n<p>This calculated approach significantly increases their chances of success by identifying high-value targets and securing escape routes before triggering detection alarms.<\/p>\n\n\n\n<p>The DFIR Report security analysts <a href=\"https:\/\/thedfirreport.com\/2025\/11\/17\/cats-got-your-files-lynx-ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">identified<\/a> that the intrusion began in early March 2025 when an unknown threat actor successfully logged into an internet-facing RDP endpoint using valid credentials.<\/p>\n\n\n\n<p>Notably, no evidence of credential stuffing or brute force attempts preceded this access, indicating the attackers possessed legitimate account credentials from the start.<\/p>\n\n\n\n<p>Within minutes of initial access, the threat actor began conducting system reconnaissance using command prompt utilities and deployed SoftPerfect Network Scanner for wider network enumeration.<\/p>\n\n\n\n<p>The attack evolved rapidly as the threat actor moved laterally to the domain controller within just ten minutes using a separate compromised administrator account.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjPM8kq4j-6w0-UqdyRQB83H90mk-fg4TAE3N8y2BGntvf4YcxXhFERMx005qKBf5ycXBvsUdARPIelFlcQcG8t3FpuDilSezizLEIUrTWBEUhbEK2B02ULCmuB9L2TpNvQAJDlFg5nZYD6jRfDb8R-IZKwHJBDzHkvRFNV3MVg1EVXV7_hqUJ-4FUB0Y0\/s16000\/Lateral%20Movement%20(Source%20-%20The%20DFIR%20Report).webp\" alt=\"\" \/><figcaption class=\"wp-element-caption\">Lateral Movement (Source &#8211; The DFIR Report)<\/figcaption><\/figure><\/div>\n\n\n<p>Once positioned on the domain controller, the attacker created multiple fake accounts designed to mimic legitimate 
users, such as administratr, adding them to privileged groups including Domain Administrators.<\/p>\n\n\n\n<p>The attackers also installed <a href=\"https:\/\/cybersecuritynews.com\/critical-anydesk-vulnerability-let-attackers-uncover-user-ip-address\/\" target=\"_blank\" rel=\"noreferrer noopener\">AnyDesk remote<\/a> access software to establish persistence, ensuring continued access even if their original credentials were discovered.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-understanding-backup-destruction-as-an-attack-vector\"><strong>Understanding Backup Destruction as an Attack Vector<\/strong><\/h2>\n\n\n\n<p>A particularly concerning aspect of this Lynx ransomware campaign is the deliberate destruction of backup infrastructure before deploying the malware. After six days of dormancy, the threat actor returned and resumed operations by conducting password spray attacks using NetExec.<\/p>\n\n\n\n<p>They systematically collected sensitive data from network shares, compressing these files using 7-Zip before exfiltrating the archives via temp.sh, a temporary file-sharing service.<\/p>\n\n\n\n<p>This data collection phase prepared the ground for double extortion, allowing attackers to threaten victims with data publication if ransoms went unpaid.<\/p>\n\n\n\n<p>The critical final phase involved connecting directly to backup servers and systematically deleting backup jobs. 
By removing backup recovery points before deploying <a href=\"https:\/\/cybersecuritynews.com\/lynx-ransomware-exfiltrate-sensitive-data\/\" target=\"_blank\" rel=\"noreferrer noopener\">Lynx ransomware<\/a>, the attackers eliminated the victims&#8217; ability to restore encrypted files through alternative means.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh6d0pxHTjZj-KTBZrSuN0hlwyLMWaNa75JnliOF6OJnHeF_b1C-_PfAbxbIe7nVkRU331fBxF9LEMvhFN6mwECiX0y8-0jaPs3w2Dq8z2dD6dXi5AhvtoNirKFJX7bLCfDSHRB5WhwPAEWGfqkNgmD5V5S7-3e6aJwdT6CkIWCMhRSkPX_m1TWteyd7aE\/s16000\/Temporary%20file%20sharing%20site%20(Source%20-%20The%20DFIR%20Report).webp\" alt=\"\" \/><figcaption class=\"wp-element-caption\">Temporary file sharing site (Source &#8211; The DFIR Report)<\/figcaption><\/figure><\/div>\n\n\n<p>This strategy transforms the ransomware into a more effective extortion tool since organizations cannot simply restore from backups.<\/p>\n\n\n\n<p>The overall time from initial compromise to ransomware deployment reached approximately 178 hours across nine days, allowing the attackers to carefully stage their attack and maximize organizational disruption when Lynx finally encrypted critical systems across multiple backup and file servers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lynx ransomware has emerged as a significant threat to enterprise environments, with recent intrusions demonstrating sophisticated attack strategies that prioritize data exfiltration and infrastructure destruction. The malware campaign combines compromised credentials with careful planning to ensure maximum impact on target networks. Security researchers continue to monitor this evolving threat as attackers refine their techniques and [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":133561,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,48],"tags":[149,151],"class_list":{"0":"post-133558","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-threats","9":"tag-cyber-security","10":"tag-cyber-security-news"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Threat Actors Leveraging compromised RDP Logins to Deploy Lynx Ransomware After 
Deleting Server Backups<\/title>\n<meta name=\"description\" content=\"Lynx ransomware uses stolen RDP creds, long recon, and data theft before destructive attacks on enterprise networks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat Actors Leveraging Compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server Backups\" \/>\n<meta property=\"og:description\" content=\"Lynx ransomware uses stolen RDP creds, long recon, and data theft before destructive attacks on enterprise networks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-18T05:42:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-18T05:42:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp\" \/><meta property=\"og:image\" 
content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Threat Actors Leveraging compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server Backups","description":"Lynx ransomware uses stolen RDP creds, long recon, and data theft before destructive attacks on enterprise networks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/","og_locale":"en_US","og_type":"article","og_title":"Threat Actors Leveraging Compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server Backups","og_description":"Lynx ransomware uses stolen RDP creds, long recon, and data theft before destructive attacks on enterprise networks.","og_url":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-11-18T05:42:51+00:00","article_modified_time":"2025-11-18T05:42:56+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20R
ansomware%20After%20Deleting%20Server%20Backups.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"Threat Actors Leveraging Compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server 
Backups","datePublished":"2025-11-18T05:42:51+00:00","dateModified":"2025-11-18T05:42:56+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/"},"wordCount":531,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news"],"articleSection":["Cyber Security News","Threats"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/","url":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/","name":"Threat Actors Leveraging compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server 
Backups","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-11-18T05:42:51+00:00","dateModified":"2025-11-18T05:42:56+00:00","description":"Lynx ransomware uses stolen RDP creds, long recon, and data theft before destructive attacks on enterprise 
networks.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/#primaryimage","url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/threat-actors-leveraging-compromised-rdp-logins-to-deploy-lynx\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"Threat Actors Leveraging Compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server Backups"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier 
Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. 
With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiruqdbbrH3VGy8GGudGWOrQkNzjTraHaWvi0GfAc_LrigB9FYrFJy1HXH4VszwfMXOIcJoSnxOV7XaPtjNOVffsVYL5IOr8_DeyF2fhrhSJ8ya2mkQn-domUybKDTSIxMxBixFAlOnz1m2J2q0OnFxYG63jnpSxNHYlt8P2LS30MC-NuaaEFR_ch-WMQ8\/s16000\/Threat%20Actors%20Leveraging%20Compromised%20RDP%20Logins%20to%20Deploy%20Lynx%20Ransomware%20After%20Deleting%20Server%20Backups.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133558","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=133558"}],"version-history":[{"count":1,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133558\/revisions"}],"predecessor-version":[{"id":133560,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133558\/revisions\/133560"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/133561"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=133558"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=133558"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=133558"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}