INC RANSOM Hackers Target the Lutheran Social Services of Indiana
INC RANSOM hackers announced another target recently. The organization went for the Lutheran Social Services of Indiana, which they apparently managed to breach on the 10th of April. The leak post was updated yesterday, suggesting the situation is still ongoing.
- The Lutheran Social Services haven’t commented on the event, so it’s unclear if they’ve decided to negotiate with the hackers
- The fact that the breach took place 11 days ago, but the event is still ongoing suggests that the victim may have at least contacted the hackers
- INC RANSOM advertises itself as cybersecurity service provider, rather than a malware actors
- The reasoning behind it is that they breach their victims to expose their cybersecurity vulnerabilities and demand a fee for that
Naturally, this is just a cover-up, as INC RANSOM qualifies as a ransomware threat with typical MOs and tactics. The gang simply poses as a service provider to ease the victims’ minds, so that they can come to terms with paying the ransom.
Several other ransomware groups use this tactic, although it doesn’t necessarily guarantee payment. As data shows, only 29% of the ransomware victims paid the ransom in Q4 of 2023. This is a significant drop from the previous years.
By comparison, in 2019, more than 85% of ransomware victims were paying the ransom, followed by a visible drop to 46% in 2021. Despite this downward trend, many still pay the ransom, which is enough to keep the hackers in business.
But is that enough for INC RANSOM? Yes and no. The fact that companies and governmental institutions have become more knowledgeable and wary about ransomware attacks isn’t optimal.
The fact that they no longer comply to the ransom demands at the same rates isn’t great either. So, ransomware actors had to adapt, INC RANSOM included. How? Several tactics are worth mentioning here.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
What Makes INC RANSOM Special?
INC RANSOM operates slightly differently than your typical uneducated ransomware gang. In a paradigm where most victims refuse to pay the ransom or even negotiate, the novel ransomware actor has adopted several noticeable tactics to circumvent that:
- Only target high-value targets whenever possible
- Upgrade the code, tactics, and MOs to guarantee smooth intrusion and a stealthy approach
- Improve the automatic exfiltration tool to leak as much data as possible
- Upgrade the encryption tool to force the victim into the negotiation chat
- Make some compromises to show some good faith
These tactics not only make it more difficult for the victim to resist the hackers but also make it trickier to overcome the problem. INC RANSOM’s encryption is very powerful and versatile, and many victims are forced to pay the ransom to recover their system.
Currently, INC RANSOM has upgraded to a double-extortion practice, forcing the victim to bargain for both the decryption key and the deletion of the data. This often increases the value of the ransom to be paid.
If you think you’re a potential target for INC RANSOM or any other ransomware gang, you might want to act today. Boost your defenses, educate your employees about avoiding traps, and contract the services of legitimate experts for a plus of security.