INC Ransom Group Targets Arkopharma Pharmaceutical Laboratory in a Recent Cyberattack

Miklos Zoltan

By Miklos Zoltan . 4 September 2023

Founder - Privacy Affairs

Arkopharma, the well-known pharmaceutical platform, has just been the victim of a ransomware attack by INC Ransom, a fairly new cybercriminal group. They made this announcement on their blog.


  • Arkopharma became the target of a ransomware attack by the INC Ransom group
  • Arkopharma is a pharmaceutical laboratory that specializes in natural medicine, dietary supplements, and phytotherapy
  • As of right now, the Arkopharma website is up and running
  • INC Ransom has a history of ransomware attacks on vulnerable targets such as hotels

We don’t know specific details about the ransomware that was used in the Arkopharma attack. However, their website is accessible right now.

This might mean that they’ve either paid the ransom or managed to deal with the ransomware.

Arkopharma hack

Arkopharma is the market leader in dietary supplements, reaching a 13.5% market share for them, and a 40% market share in phototherapy.

In short, they were prime targets for a newcomer ransomware group like INC Ransom. The group is anxious to make a name for itself and has already targeted multiple enterprises.

Modus Operandi & Attack History of INC Ransom

The group’s first target was Thermenhotel Stoiser, which they leaked on their blog and offered proof of.

We don’t know about other targets yet but their blog (on the Dark Web) contains multiple entries. So, we can be sure that there have been multiple victims of INC Ransom.

As for their modus operandi, you can read more in the picture below:

Ransomware on dark web

IN Ransom appears more professional and confident in their skills compared to the run-of-the-mill cybercriminals you see most of the time.

They don’t offer any specific details about the required payment but they do provide a contact form.

It’s still unclear whether the victims managed to escape from the ransomware attack or if they were forced to acquiesce to the demands. Most experts agree that giving in to a ransomware attack is never a good idea.

According to, the cyberattack on the Thermenhotel Stoiser (Austrian hotel) took place over a week, from the initial infiltration to the file encryption.

The hacker group did not meet with too many difficulties during the infiltration and encryption of the Thermenhotel Stoiser website and databases.

The group has not been traced yet and, as of the writing of this article, it is still operating unchecked, which means there may be more attacks in the future.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment