St Joseph’s College Echuca is a co-educational college that has been educating the community in the Echuca Moama region of northern Victoria and southern NSW since 1886. With two campuses, one for years 7 to 9 and the other for 10 to 12, the college says it provides “the best education possible for your child.”
The college was listed on the dark web leak site of the Lynx ransomware gang on 5 January, with the group claiming to have encrypted and breached the organisation’s network.
Lynx provided very little detail about the incident and failed to provide any “proof” of the incident, which is common for the threat actor.
Cyber Daily has reached out to St Joseph’s College Echuca, but has yet to receive a response. It is currently unclear whether or not an incident has occurred.
Cyber Daily will provide an update if it receives a statement from the college.
The ransomware gang has targeted a number of Australian organisations of late, most recently Regis Resources.
The company’s subsidiary, McPhillamys Gold, was listed on the dark web leak site of the Lynx ransomware group on Monday (5 January), suggesting that the group was claiming a cyber attack.
In response to Cyber Daily, Regis Resources confirmed that it was aware of an incident that occurred in November 2025, adding that it was currently investigating the matter.
“Like most large organisations, Regis is subject to ongoing, routine cyber scanning and attempted intrusions. We operate layered cyber security systems that continuously monitor our systems, identify potential threats, and isolate and neutralise them as required. These controls are designed to protect sensitive information and maintain business continuity,” the company said.
“In mid-November 2025, our systems identified a cyber intrusion. Our safeguards temporarily shut down and restricted access to our system as it was designed to do.
“A subsequent forensic investigation has indicated no data export occurred, and no ransom demands have been made.”
“The relevant authorities were notified. There was no operational or commercial impact.”
Who is Lynx?
Lynx claimed its first victim in July 2024 and has almost 400 victims to date, according to Ransomware.live.
In a “press release” published on the gang’s leak site in July 2024, Lynx said its “clear intention” is to avoid “undue harm” to the companies it targets.
“We recognise the importance of ethical considerations in the pursuit of financial gain and maintain a strict policy against targeting governmental institutions, hospitals, or non-profit organisations, as these sectors play vital roles in society,” Lynx said.
“Our operational model encourages dialogue and resolution rather than chaos and destruction. We believe that fostering an environment where businesses can engage in constructive problem solving can lead to better outcomes for all parties involved.”
Daniel Croft