Theat Actor Accessed INC and Lynx Ransom Negotiation Panels SOCRadar linked the FortiBleed credential-harvesting operation to ransomware groups INC Ransom and Lynx, citing evidence that a sophisticated initial access broker compromised more than 430,000 FortiGate firewalls, prioritized high-value organizations and enabled ransomware attacks against governments, critical infrastructure and major enterprises.