Australian entertainment company Funlab has confirmed that it recently experienced a ransomware attack orchestrated by the Lynx ransomware gang. The confirmation came after Lynx listed Funlab on its leak site, providing screenshots and documents that suggest successful data exfiltration. While the exact amount of compromised data and the ransom demand remain undisclosed, the evidence presented by the gang includes details from sensitive folders such as Payroll and Finance, as well as internal communications.
The incident reportedly impacted Funlab’s IT systems over the weekend of September 20-22, 2024, but the company was able to return to normal operations within 48 hours. A spokesperson for Funlab stated that an investigation is underway, and the company is working with regulatory authorities to address the situation. They assured stakeholders that guest data does not appear to have been accessed during the attack, although a limited amount of information concerning a small number of current and former employees may have been compromised.
Funlab has proactively reached out to affected employees, offering assistance to those whose information may have been accessed. The company emphasized that much of this information is likely outdated, given the expiry dates associated with the data. With over 2,000 employees and 40 locations across Australia, New Zealand, and the United States, Funlab operates several popular brands, including Strike Bowling and Holey Moley mini-golf bars.
The Lynx ransomware gang, which emerged in July 2024, is known for its double extortion tactics, which involve both encrypting data on victims’ networks and threatening to release exfiltrated data later. The group claims to be motivated by financial gain while adhering to ethical considerations by avoiding attacks on government institutions, hospitals, and non-profit organizations. This recent attack on Funlab highlights the growing cybersecurity challenges facing businesses and the importance of robust defenses against evolving ransomware threats.
