Regis Resources Hit by Alleged Lynx Ransomware Attack, No Data Exfiltration Confirmed
Regis Resources, a major unhedged gold producer based in Western Australia, is investigating a cybersecurity incident after the Lynx ransomware group listed its subsidiary, McPhillamys Gold, on its dark web leak site on 5 January. The threat actor included names and positions of key executives but provided no further details about the attack.
Regis Resources confirmed the incident occurred in mid-November 2025, stating that its layered cybersecurity systems detected and contained the intrusion by temporarily shutting down affected systems. A forensic investigation found no evidence of data exfiltration or ransom demands, and the company reported no operational or commercial disruptions. Authorities were notified, though it remains unclear whether Lynx deployed ransomware or extracted any data.
Lynx, a ransomware group active since July 2024, claims nearly 400 victims to date. In a July 2024 statement, the group asserted it avoids targeting government institutions, hospitals, and non-profits, framing its operations as "ethical" and favoring negotiation over destructive attacks. Regis Resources’ response underscores the growing threat of ransomware to industrial sectors, even as defenses improve.
Regis Resources Ltd cybersecurity rating report: https://www.rankiteo.com/company/regis-resources
Regis Resources Ltd cybersecurity rating report: https://www.rankiteo.com/company/regis-resources
"id": "REGREG1767762104",
"linkid": "regis-resources, regis-resources",
"type": "Ransomware",
"date": "11/2025",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Mining (Gold Production)',
'location': 'Western Australia, Australia',
'name': 'Regis Resources',
'size': 'Large',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'No data export occurred',
'personally_identifiable_information': 'Names of key company '
'executives and their '
'positions'},
'date_detected': '2025-11-15',
'date_publicly_disclosed': '2026-01-05',
'description': 'Regis Resources, a gold producer based in Western Australia, '
'confirmed a cyber intrusion in November 2025. The Lynx '
'ransomware group listed the company on its dark web leak '
'site, claiming an attack. Regis Resources stated that no data '
'was exfiltrated and no ransom demands were made.',
'impact': {'data_compromised': 'No data export occurred',
'operational_impact': 'No operational or commercial impact'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Unclear if data was exfiltrated',
'ransom_demanded': 'No ransom demands made',
'ransomware_strain': 'Lynx'},
'references': [{'source': 'Cyber Daily'}, {'source': 'Ransomware.live'}],
'regulatory_compliance': {'regulatory_notifications': 'Relevant authorities '
'notified'},
'response': {'communication_strategy': 'Public statement confirming the '
'incident',
'containment_measures': 'Temporarily shut down and restricted '
'access to systems',
'enhanced_monitoring': 'Layered cyber security systems with '
'continuous monitoring',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'remediation_measures': 'Forensic investigation'},
'threat_actor': 'Lynx',
'title': 'Lynx Ransomware Group Claims Cyber Attack on Regis Resources',
'type': 'Ransomware'}