"SoftPerfect NetScan was used extensively during the intrusion… evidence from Security Event ID 4688 logs showed mstsc.exe /v:<IP address> being launched by netscan.exe, confirming the use of NetScan’s Remote Desktop functionality."

Report: https://thedfirreport.com/2025/12/17/cats-got-your-files-lynx-ransomware/
Products: https://thedfirreport.com/products/
Contact Us for pricing or a demo: https://thedfirreport.com/contact/