INC Ransom Targets US Enterprise

By Miklos Zoltan . 26 May 2024

Founder - Privacy Affairs

Fact-Checked this

The INC Ransom hackers announced another high-profile breach against a US-based company. The attackers posted the news on their public website and gave the victim several days to contact them for negotiations.

The victim hasn’t commented on the attack, so it’s unclear how they’ve chosen to act
INC Ransom is known to exfiltrate a lot of confidential data to use as leverage during the subsequent negotiations
Despite being a newcomer in the ransomware sphere, the INC Ransom gang has already made a name for itself
The organization targets medium and high-profile organizations, always prioritizing high revenue as the most desirable feature

Unlike typical ransomware gangs, INC Ransom is more versatile in its approach. The group advertises itself as a service provider. As they put it, the hackers are simply cybersecurity experts who provide services in the field.

They identify vulnerabilities in their ‘clients’ systems, use them to breach the target corporations and exfiltrate the data to showcase the problem. They then require remuneration for their efforts, which everybody else calls ransom.

While this isn’t a unique approach, it’s definitely not exactly common either.

X showing the INC RANSOM attack on Access Sports Medicine & Orthopaedics — https://x.com/FalconFeedsio/status/1794616960510226625

The gang uses the double-extortion practice to force their victims into submission. They keep the stolen data and use it as leverage in an attempt to extort the victim of money. The hackers are known to demand quite hefty ransoms in exchange for the deletion of the data.

Which, as experts claim, doesn’t happen anyway. The perpetrators will rather keep the data or share it with other cybercriminal gangs. Especially since the victim has no way of verifying that they won’t.

This is the main reason why you shouldn’t pay the ransom. And it’s not the only one.

Should You Pay Ransomware Hackers?

Your system has been encrypted and you can no longer access your personal or work-related files. This is an uncomfortable scenario that becomes nightmarish when the victim in question is a high-profile business with several employees and multiple clients.

In that case, the data leak may impact a lot more people than the business owner alone. This is why companies that experience these types of breaches usually have legal problems shortly. It’s no wonder that so many ‘forget’ to report the breach.

So, what should you do if you find yourself at the mercy of some shady ransomware actor? The standard advice is the same, no matter whether you’re a private individual or a corporation: do not negotiate with the hackers. Do not pay the ransom!

Paying the ransom does nothing for you except make you lose money and get the decryption key. The latter is most likely worth it, but it’s not something you can’t handle yourself with a bit of professional assistance.

As to the stolen data, consider it leaked, no matter the guarantees that the hackers will provide you. The experts explain that the hackers usually keep the data for themselves or share it with other equally shady actors.

The best approach is the no-negotiation policy. Take the hit, boost your cyber-defenses, and make sure it doesn’t happen again.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

INC Ransom Targets US Enterprise

Should You Pay Ransomware Hackers?

Our Mission

Miklos Zoltan

Leave a Comment Cancel