Ethical Hacking News
IncRansomware has emerged as a major player in the world of ransomware attacks, boasting over 830 victims since 2023. With its focus on sectors with operational downtime creating strong financial pressure to pay ransoms, this group poses a significant threat to enterprise security.
The INC Ransomware group has targeted over 830 victims since 2023, making it one of the most prolific cybercrime groups of 2026.The emergence of INC Ransomware can be attributed to the disruption of prominent ransomware-as-a-service (RaaS) operations – LockBit and BlackCat.INC's Windows and Linux variants have been rewritten in Rust, a programming language known for its speed and memory safety features.The sale of INC's Windows and Linux variants on the cybercrime underground led to the emergence of related ransomware families such as Lynx and Sinobi.INC's attack chain includes spear-phishing, exploitation of vulnerabilities, and the use of living-off-the-land binaries for lateral movement.The group employs various techniques to exfiltrate data of interest, including Rclone and password-protected archives.Incidents like INC Ransomware highlight the need for robust security measures to prevent such attacks.
Incident Report: INC Ransomware Emerges as a Major RaaS Threat in 2026, Targeting Over 830 Victims Since 2023
In recent months, the cybersecurity landscape has witnessed a significant escalation of ransomware attacks. Amidst this chaos, one particular group has emerged as a major player – INC Ransomware. With its origins dating back to 2023, this operation has evolved into one of the most prolific cybercrime groups of 2026, boasting an impressive 830+ victims across various sectors.
According to cybersecurity researchers, the emergence of INC Ransomware can be attributed to the disruption of two prominent ransomware-as-a-service (RaaS) operations – LockBit and BlackCat. The collapse of these organizations created opportunities for affiliates to migrate to alternative ransomware operations, thereby paving the way for INC's rise to prominence.
The group's Windows and Linux/ESXi encryptors have been rewritten in Rust, a programming language known for its speed and memory safety features. This innovation has enabled easier cross-platform development and better resistance against reverse engineering efforts. Furthermore, the use of an updated credential dumper capable of targeting newer Veeam backup deployments that utilize salted DPAPI credential encryption has become a hallmark of INC's attacks.
The sale of INC's Windows and Linux variants on the cybercrime underground in May 2024 has led to the emergence of related ransomware families such as Lynx and Sinobi, boasting significant code overlap. This strategic move has allowed INC to expand its reach and establish itself as a formidable force in the world of ransomware.
INC's attack chain is characterized by a combination of spear-phishing, exploitation of vulnerabilities in public-facing applications, and the use of living-off-the-land binaries (LOLBins) for lateral movement. The group also employs a range of techniques to exfiltrate data of interest, including the use of Rclone and password-protected archives.
The sheer scale of INC's operations is a testament to its adaptability and resilience. Despite facing stiff competition from rival ransomware groups, INC has managed to maintain its position as one of the most prolific cybercrime organizations of 2026.
Acronis researcher Darrel Virtusio has shed light on the tactics employed by INC, stating that the group "continues to strengthen its ransomware operation through Rust-based payload rewrites and continuous toolkit enhancement." This emphasis on innovation and technological advancement serves as a warning to organizations, highlighting the need for robust security measures to prevent such attacks.
The impact of INC Ransomware on affected industries cannot be overstated. The group's focus on sectors with operational downtime creates strong financial pressure to pay ransoms, thereby amplifying the risk of collateral exposure across vendor networks and downstream partners.
In a bid to stay ahead of the curve, cybersecurity experts are urging organizations to adopt a proactive approach to ransomware defense. This can be achieved through the implementation of robust security protocols, regular software updates, and employee training programs focused on phishing awareness and credential management.
As the threat landscape continues to evolve, it is essential for organizations to remain vigilant and prepared for the worst. By staying informed about emerging threats like INC Ransomware and implementing effective countermeasures, businesses can minimize their exposure to these attacks and protect their sensitive data.
In conclusion, INC Ransomware has emerged as a major player in the world of ransomware attacks. Its adaptability, resilience, and focus on innovation make it a force to be reckoned with. As we move forward into an increasingly complex cybersecurity landscape, it is crucial for organizations to prioritize robust security measures and remain proactive in their defense against such threats.
Related Information:
https://www.ethicalhackingnews.com/articles/INC-Ransomware-A-Growing-Threat-to-Enterprise-Security-ehn.shtml
https://thehackernews.com/2026/06/inc-ransomware-claims-830-victims-since.html
Published: Thu Jun 18 12:00:21 2026 by llama3.2 3B Q4_K_M
