INC RANSOM Targets US Prosthetics Company
It’s been reported that the US-based Human Technology Prosthetics and Orthotics experienced an important ransomware attack. The hackers themselves posted the news about the breach on their leak website. The culprit: INC RANSOM.
- INC RANSOM has made the headlines quite a few times throughout 2023, and they’ve started 2024 in full force
- The victim is in the business of producing prosthetics and orthotics for patients with limb dysfunctions due to accidents, disease, or other congenital anomalies
- As is the case with most INC RANSOM-related attacks, the victim is a high-value target with nearly 15 years of experience in the field
- INC RANSOM is known to target primarily high-value corporations that can provide the largest profit margin
The INC RANSOM gang is a peculiar one because the actor came public in August of 2023. By September 2023, the organization has already amassed at least 12 high-profile victims. At least, these have been confirmed.
It is unusual for a newcoming ransomware actor to be so prolific so fast. It’s not unheard of to see a novel ransomware gang produce a number of victims over a short time span. But not high-profile ones with considerable revenue value.
So, what does this mean?
Several theories circulate around, as is the case with any new ransomware gang, especially one that makes waves from the get-go. One is that INC RANSOM is, at the very least, linked to other cybercriminal gangs.
One of them is LockBit. Experts have pointed out some suspicious similarities in terms of MOs, infiltration tactics, and website design. Others have hinted at other ransomware groups that they think may relate to INC RANSOM in some capacity.
Nothing has been confirmed so far. More importantly, despite these similarities, INC RANSOM also has unique features and behaviors. One of them is the triple-extortion tactic.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
How Does INC RANSOM Operate?
The gang has a fairly standard tactic in terms of their ransomware operations. The primary MOs include phishing emails and spear phishing, targeted at specific entities. This shows that INC RANSOM always conducts targeted operations against designated organizations.
They also always go for high-value entities with considerable revenues and exploitable vulnerabilities. So far, so good. The major different between INC RANSOM and most other ransomware gangs is the triple-extortion practice.
Normally, ransomware gangs use the double-extortion practice, which involves encrypting the victim’s files and downloading sensitive data, not meant for the public eye. INC RANSOM adds another step to that.
Aside from the typical double-extortion approach, the hackers also throw in some blackmail and defamation for a plus of flavor. In other words, the hackers will accuse the victim of unlawful practices, no matter if they’re true or not.
In some cases, they will even fabricate “evidence” to go along with the actual leaked data for a plus of legitimacy. This isn’t necessarily meant to destroy the victim’s reputation, but coerce the victim into paying out of fear of that very thing happening.
It’s unclear how effective this technique is, because there’s no conclusive data regarding INC RANSOM’s payout rate. But it’s most likely meaningful enough to keep the gang in business and thriving.