INC RANSOM Targets 4 in US

Miklos Zoltan

By Miklos Zoltan . 31 January 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

INC RANSOM took responsibility for 4 ransomware attacks in the US recently. The institutions that were hit are Black Butte Coal, Waterford Country School Inc, Benjamin Plumbing Inc, and Corbett Exterminating Inc.

  • All of the victims are heavy names in their respective industries and neither has commented on the recent attacks
  • INC RANSOM is a relatively novel ransomware actor, as it only appeared in August of 2023
  • Ransomware attacks have increased in frequency over the past few years and so has the number of ransomware organizations
  • Specialists warn about INC RANSOM, stating that the group’s evolution suggests impressive adaptability and potential

INC RANSOM appears to be strictly financially motivated, as it has shown no evidence of political or ideological affiliation. The recent attacks also appear uncoordinated and unrelated, as the 4 victims belong to different industries.

These include coal extraction, education, plumbing, and pest control. INC RANSOM is known to hit multiple industries indiscriminately, such as health, housing, furniture, construction, and even governmental agencies.

X showing the INC RANSOM attack on the 4 websites
https://twitter.com/FalconFeedsio/status/1752247779949461746

The evidence of the attacks was posted on the 29th, which suggests that they all took place at the same time. This supports the idea that INC RANSOM is a more dangerous and resourceful ransomware actor than it lets out.

Everything About INC RANSOM

INC RANSOM first stood out in August, 2023, but it grew exponentially since then. More importantly, unlike other young ransomware actors, this one appears a lot more competent and well-put together. There are a lot of theories to why that is.

The most plausible one has to do with the blog similarities between INC RANSOM and Lockbit. The code isn’t similar, but the blog is and, when it comes to hacktivist groups and ransomware actors, many argue that there are no coincidences.

This implies that INC RANSOM is either a branch of Lockbit, a subcontractor, or one of Lockbit’s alter-egos. That being said, INC RANSOM does have a different MO than Lockbit or any other ransomware entity for that matter.

The thing that separates this organization from others like it is the negotiation tactic. Generally, ransomware actors threaten the victim to expose the stolen data publicly, unless consensus is reached regarding the ransom payment.

But INC RANSOM leaks some of the data before and during the negotiations. The actor will leak partial screenshots of the available data to motivate the victim to pay. They may also accuse the victim of illegal activity and resort to blackmail to secure the payment.

This approach qualifies INC RANSOM as a resourceful and innovative ransomware actor. One with significant room to grow and self-improve.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment