Inc Ransom Hits 3 Countries

Bogdan Pătru

By Bogdan Pătru . 25 March 2024

Tech Writer

Alex Popa

Fact-Checked this

INC RANSOM announced 3 new victims on their public platform, located in 3 different countries: Peru, Georgia, and the US. The attacks took place today, so neither of the victims have had time to comment on the incident.

  • INC RANSOM has been more active recently, which correlates with an increase in ransomware attacks across the board
  • The 3 confirmed targets are the Peruvian Army, Pantana Accounting & Tax, and Law Offices of John V. Rick
  • The hackers claimed that they’ve seized a lot of valuable data, which they plan on releasing soon if negotiations are unsuccessful
  • Inc Ransom has made a reputation as a so-called “moral” ransomware group

INC RANSOM has adopted a more unusual approach to the ransom sphere. The group promotes itself as a “moral agent”, with the hackers claiming that they’re in the business of helping their victims. And they do that by exposing their weaknesses.

This isn’t necessarily a new approach, but INC RANSOM has leaned into it more than other cybercriminal gangs. The hackers claim that they’re doing the victims a favor by infiltrating their systems and stealing their data.

The ransom that they’re supposed to pay in exchange for the decryption key and the deletion of the data represents the payout for the hackers’ services. Which is ironic, as many have pointed out.

X showing the INC RANSOM attack on the 3 victims
https://twitter.com/FalconFeedsio/status/1772133648956784718

INC RANSOM operates on a double-extortion model. They encrypt the victim’s files and then download as much data as they can to use as leverage during negotiations. This is a standard model among most ransomware actors and the most financially rewarding one.

INC RANSOM currently ranks among the more aggressive ransomware actors and has gained a fearsome reputation quickly. This is that much more impressive, given that the organization first appeared publicly in July of 2023.

Who Is Inc Ransom?

INC RANSOM took off fast after its first public appearance and established itself as a ruthless, sophisticated, and aggressive actor. The thing that separated INC RANSOM from other ransomware actors was the marketing tactic.

The organization marketed itself as a cybersecurity service. The hackers would infiltrate the victim, encrypt its files, and steal their data, then demand payment for their “services.”

According to the data, INC RANSOM hits targets indiscriminately, regardless of the industry. They do prioritize high-value targets, though, and today’s attacks are proof of that. Inc Ransom prefers “meaty” targets to increase the potential for a higher profit margin.

Subsequent investigations have revealed that INC RANSOM is highly sophisticated, resourceful, and strategic. It appears that the hackers don’t target institutions blindly. Instead, they research their profiles and vulnerabilities to make sure the operation is worth it.

The method of attack is standard, as the gang relies on phishing emails and exploiting the human factor. This is to say that the main method of protection against INC RANSOM is acquiring a basic, common-sense understanding of how ransomware breaches work.

Other than that, Inc Ransom remains impervious to scrutiny so far, with an unknown internal structure and anonymous members.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment