logo

INC Ransomware Thrives by Mastering the Basics

ID: 28b644cf-43ab-59ee-a2ef-3e8fc03bbd3b

STIX ID: report--28b644cf-43ab-59ee-a2ef-3e8fc03bbd3b

Feed Name: Dark Reading

Threat Score
78/100

Date Published: 2026-06-17

Date Updated: 2026-06-18

Author: Alexander Culafi

...
...

INC is an emerging RaaS ransomware group (active since 2023) that has claimed over 800 victims by focusing on high-pressure sectors (healthcare, manufacturing, legal, etc.). The group uses common intrusion methods—spear-phishing, stolen credentials via initial access brokers, and exploitation of known CVEs—followed by credential theft, living-off-the-land lateral movement, EDR disabling, and data exfiltration for double extortion; its malware exists for Windows and Linux/ESXi and was recently rewritten in Rust. Acronis published YARA rules and IOCs and recommends robust backup strategies, patching, identity/access controls, and network segmentation to mitigate risk.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.