• Home
  • News
  • INC RANSOM Targets US Company

INC RANSOM Targets US Company

Bogdan Pătru

By Bogdan Pătru . 8 May 2024

Tech Writer

Miklos Zoltan

Fact-Checked this

The INC RANSOM group just announced another victim located in the US. The target is Seneca Nation Health System, a health provider offering preventive and primary care for acute and chronic disorders. It is unclear how much data the hackers have stolen.

  • INC RANSOM posted the news about the breach on their leak website without any additional information
  • The hacker gang is known to target medium-sized businesses for the most part, with the occasional high-value corporation
  • INC RANSOM poses as a cybersecurity service provider, painting their activity as “detecting system vulnerabilities”
  • The hackers are quite ruthless negotiators, which is typically the case with high-profile ransomware gangs

INC RANSOM is a fairly new ransomware actor that’s been observed publicly in July, 2023. Since then, the organization grew fairly fast, targeting increasingly more valuable businesses. So far, INC RANSOM has only targeted governmental institutions sparingly.

The operators appear to target various industries indiscriminately. The only thing that matters is the prospect of increasingly higher profits. Healthcare, finance, education, manufacturing, and consumer services are just some of the targeted sectors.

X showing the INC Ransom attack on Seneca Health System
https://twitter.com/FalconFeedsio/status/1787392635600327116

When it comes to the actual MO, INC RANSOM relies on tried-and-tested spear-phishing via compromised emails. The hackers also breach legitimate software and platforms, which puts unsuspecting users at risk.

The latter is more likely to produce victims, given that the users are unaware of the danger. After infiltrating the victim’s system, the hackers will encrypt the files, steal data, and leave behind a ransom note.

This contains instructions regarding the ransom, along with a specific set of credentials for the victims to use to contact the hackers. If no contact is pursued within the given timeframe, the hackers will leak the stolen data publicly.

How to Deal with INC RANSOM?

It’s important to remember that INC RANSOM poses as a cybersecurity service provider. The ransom note will specify that the hackers will offer cybersecurity tips and support to improve the victim’s security. After the ransom is paid, of course.

However, experts advise against that. INC RANSOM is nothing more than a ransomware actor that’s only interested in one thing: money. Everything else functions as a diversion. So, the general recommendation is to not cave in to the hackers’ demands.

Nothing good can come from negotiating and paying the ransom. The hackers will most likely provide the decryption key, but they won’t necessarily delete the stolen data. In fact, records show that they will most likely keep it or share it with other gangs.

Not to mention, paying the ransom will place the victim on the hackers’ list for future breaches.

Experts also recommend taking everything the hackers say with a grain of salt. They may provide “evidence” of previous hits where the victims have paid the ransom and they recovered their data. This isn’t necessarily true, as much of this evidence is fabricated.

If you fit the profile of the ideal ransomware victim, you may need to act today. Contact actual cybersecurity professionals and work to improve your defenses asap. Every moment wasted is one step closer to an actual breach.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment