• Home
  • News
  • INC Ransom Targets 4 in the US

INC Ransom Targets 4 in the US

Miklos Zoltan

By Miklos Zoltan . 21 May 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Infamous INC ransom cybercriminal gang announced 4 new victims on US soil. The hackers posted the evidence of the attack on their TOR website, but no further detail was provided. They also have a Leak section, where they post leaked data of those who refused to pay.

  • INC Ransom is a relatively new gang that’s less than a year old
  • The organization first emerged in July, 2023 but grew its image and reputation fast
  • This latest attack follows the same pattern attributed to the gang with swift breach and major data leak
  • The victims haven’t commented on the recent events yet

INC Ransom has a fairly standard MO. The hackers gain access to the victim’s system, usually via spear-phishing, where they proceed to encrypt the files. They then extract as much valuable data as they can for blackmail purposes.

If the victim doesn’t pay, the attackers will leak the data online. Or sell it to other cybercriminal gangs. Either way, it doesn’t end well for the initial victim. The hackers are known to target medium and high-value targets, hitting them with meaty ransoms.

X showing the INC RANSOM attack on the 4 victims

This means paying the ransom is the only way to prevent that from happening, right? Wrong. As cybersecurity experts have pointed out, paying the ransom doesn’t guarantee anything aside from the decryption key.

Because, if the hackers wouldn’t even let that go, nobody would pay any ransom ever. They need to show some goodwill. As to the stolen data itself, there are no guarantees. Specialists state that most ransomware attackers usually leak the data anyway.

Even if the ransom is paid. That’s because the victim can’t really verify that they didn’t. And because it’s pretty difficult to imaging that money-driven cybercriminals would let such valuable data go. Even after the victim has paid the ransom.

What’s Going On with INC Ransom?

If you’ve been paying attention to the news lately, INC Ransom appears to be undergoing an interesting change. Namely, someone is selling the source code. The individual in question is marked as “salfetka,” an anonymous agent.

The actor has advertised the sale on the Exploit and XSS hacking forums, asking for $300,000. They have also restricted the number of potential buyers to 3. Interestingly, INC Ransom’s website doesn’t mention anything about them selling their code.

This means that salfetka may be an outside actor that somehow gained access to the gang’s source code. Or could be the organization itself advertising their assets incognito.

To top things off, INC Ransom has a new extortion website that now lists 64 victims. As some have suggested, this may be an attempt at rebranding their profile. Or may even hint at a separation within the group.

And to add another peculiarity to the mix, the design of the new website is reminiscent of that of Hunters International. This is another high-profile extortion gang that operates within the ransomware sphere.

The rabbit hole goes deep, and there isn’t sufficient information at this moment to conclude one way or the other. It’s worth keeping an eye on the situation moving forward.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment