Summary
On October 2, 2025, the ransomware group Lynx publicly claimed responsibility for an attack targeting
Surati Sweet Mart (suratisweetmart.com), a Canada-based company specializing in pharmacy and drugs manufacturing.
According to the threat actor’s post, they intend to release sensitive data unless negotiations are initiated.
Incident Report
| Field | Details |
|---|---|
| Target | Surati Sweet Mart |
| Domain | suratisweetmart.com |
| Country | Canada |
| Attacking Group | Lynx |
| Date Reported | October 2, 2025 |
| Threat Actor Statement | “We have over 600 GB of your data, if you don’t want your data leaked or sold, let us…” |
Surati Sweet Mart, known for its significant role in the pharmacy and drug manufacturing sector in Canada, has unfortunately become a target of the Lynx ransomware group. This highlights the increasing threat to companies in this industry, emphasizing the need for vigilant cybersecurity practices.
Proactive measures, such as darkweb monitoring, can be instrumental in early detection and response to such threats. Regularly scanning for exposed credentials and data on the darkweb can provide an essential layer of defense. We recommend using tools like the email breach checker available at MSP Dark Intel Domain Breach Scan to keep an eye on your company’s exposure and mitigate risks effectively.
Recommendations
- Monitor your domains and email addresses for exposure using reputable threat intelligence tools.
- Conduct a full compromise assessment and incident response drill internally.
- Verify backups and ensure they are offline and ransomware-resistant.
- Educate staff on phishing, social engineering, and lateral movement techniques used by groups like Qilin.
- Engage with cyber forensics and legal counsel before initiating contact with threat actors.
Check Your Exposure
Wondering if your organization or employees are impacted by recent breach activity?
-
Check domain-wide breach exposure:
mspdarkintel.com/domain-breach-scan -
Check if an email was breached:
mspdarkintel.com/email-breach-scan
Disclaimer
The MSPDarkIntel team does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information.
All breach data reported here is sourced from publicly available threat intelligence feeds for awareness and early-warning purposes only.
Our goal is to inform organizations of emerging threats so they can take timely defensive action.
Table of Contents
