iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Funlab says no guest data appears to be impacted by the attack, but some employee data has been compromised.
Australian entertainment company Funlab has confirmed it has been the victim of a ransomware attack after the Lynx ransomware gang listed the company on its leak site overnight.
Lynx has not shared how much data it managed to exfiltrate, nor its ransom demand, but has posted several screenshots and documents by way of evidence of a successful hack.
The data appears to have been hosted on a NAS device, and screenshots of file trees reveal folders called Payroll, Finance, and Gsuite Backup among others. The leaked documents include budget spreadsheets and internal communications.
Funlab confirmed the incident with Cyber Daily.
“Funlab can confirm that it is investigating a cyber-security incident that affected some of its IT systems on Friday, Saturday, and Sunday the 20th-22nd of September. All operations were returned to business as usual within 48 hours. Funlab has engaged with appropriate regulatory authorities,” a Funlab spokesperson told Cyber Daily.
“Detailed work has been completed and, while continuing with the assistance of our external experts, Funlab does not believe guest data has been accessed and that only a small number of current and former employees – in the low double digits – have had limited information accessed. Some of that information is redundant given the expiry dates of the data.
“Funlab has reached out to any employee past or present that it considers may have had any data accessed and is providing the appropriate assistance.”
Funlab is a “creator of competitive socialising experiences,” and operates 40 locations in Australia, New Zealand, and the United States. Its brands include the well-known Strike Bowling, as well as Holey Moley mini-golf bars and Archie Brothers. Funlab has more than 2,000 employees and was recently acquired by private equity firm TPG Capital.
Lynx first appeared on the scene in July 2024 and according to researchers is a rebranding of the INC Ransomware operation. It is known to use double extortion in its attacks, both encrypting data on a victim’s network and exfiltrating it to threaten its release at a later date.
Lynx describes its motivation as being “grounded in financial incentives, with a clear intention to avoid undue harm to organisations,” according to its leak site description.
“We recognise the importance of ethical considerations in the pursuit of financial gain and maintain a strict policy against targeting governmental institutions, hospitals, or non-profit organisations, as these sectors play vital roles in society.”
I’m sure this makes everyone at Funlab feel so much better about being a Lynx victim.
The gang's most recent Australia victim was Western Australia-based Myelec Electrical Wholesalers.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
