INC Ransomware Thrives by Mastering the Basics
ID: 28b644cf-43ab-59ee-a2ef-3e8fc03bbd3b
STIX ID: report--28b644cf-43ab-59ee-a2ef-3e8fc03bbd3b
Feed Name: Dark Reading
INC is an emerging RaaS ransomware group (active since 2023) that has claimed over 800 victims by focusing on high-pressure sectors (healthcare, manufacturing, legal, etc.). The group uses common intrusion methods—spear-phishing, stolen credentials via initial access brokers, and exploitation of known CVEs—followed by credential theft, living-off-the-land lateral movement, EDR disabling, and data exfiltration for double extortion; its malware exists for Windows and Linux/ESXi and was recently rewritten in Rust. Acronis published YARA rules and IOCs and recommends robust backup strategies, patching, identity/access controls, and network segmentation to mitigate risk.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
