Uptime Hamster: 16d 1h 43mDeploy: 14 Jul 2026 21:26Updated: 2026-07-14
Logo del actor de amenaza INC Ransom

INC Ransom

0 incidentes 0 paises 0 sectores ransomware RU Ultimo: -
Aliases: GOLD IONIC, "Inc
Ver en IntelTracker → APTTrail →
INC Ransom is a financially motivated ransomware-as-a-service (RaaS) operation that emerged in July 2023. The group functions by providing ransomware malware and infrastructure to affiliates, who then conduct intrusions and share ransom proceeds. While definitive attribution remains uncertain, their communications and tactics are consistent with Eastern European ransomware operations, and some researchers believe Russian criminals are involved. A distinguishing characteristic of INC Ransom is its cross-platform capability, enabling it to target Windows systems, Linux servers, and VMware ESXi virtualization environments. The group employs double extortion, not only encrypting data but also threatening to leak sensitive information on its public leak blog. They are also known for cynically framing their extortion as a "service" to help victims improve their security. The group is closely related to Lynx ransomware, with Lynx often considered a successor or variant that emerged after INC'

Aliases del actor

GOLD IONIC"Inc

Actores similares

incransomransomware · 832inc-ransomactor · 26arvinclubransomware · 2braincipheractor · 24BrainCipheractor · 2brave-princeactor · 1Inceptionapt · 1inception-frameworkactor · 1prince-of-persiaactor · 1pinchy-spideractor · 1

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
Repositoriounknowngithub.comBushidoUK ToolMatrix GroupProfiles: INC_Ransom
Repositorioupgithub.comBushidoUK ToolMatrix CommunityReports: CR-020-INCRANSOM-JAN-2026
DLS / leak siteunknownwww.huntress.comBushidoUK ToolMatrix GroupProfiles: INC_Ransom
DLS / leak siteunknownwww.guidepointsecurity.comBushidoUK ToolMatrix GroupProfiles: INC_Ransom
DLS / leak siteunknownwww.huntress.comBushidoUK ToolMatrix GroupProfiles: INC_Ransom
DLS / leak siteunknownwww.secureworks.comBushidoUK ToolMatrix GroupProfiles: INC_Ransom
DLS / leak siteunknownwww.huntress.comBushidoUK ToolMatrix GroupProfiles: INC_Ransom
Repositorioupgithub.comBushidoUK ToolMatrix CommunityReports: CR-019-INCRANSOM-NOV-2025
X/Twitterupx.comBushidoUK ToolMatrix CommunityReports: CR-020-INCRANSOM-JAN-2026
Repositorioupgithub.comBushidoUK ToolMatrix CommunityReports: CR-020-INCRANSOM-JAN-2026
DLS / onionupincbacg6bfwtrlzwdbqc55gsfl763s3twdtwhp27dzuik6s6rwdcityd.onionincransom
DLS / onionupincbackrlasjesgpfu5brktfjknbqoahe2hhmqfhasc5fb56mtukn4yd.onionincransom
DLS / leak siteupransomware.anggipradana.comRansomware Group: incransom
DLS / onionunknownincblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onionRansomware Victim: callhorton.com (incransom)
DLS / onionunknownincblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onionRansomware Victim: johndufourlaw.com (incransom)
DLS / onionunknownincblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onionRansomware Victim: theswansonlawgroup.com (incransom)
DLS / leak siteunknownnitter.netRansomware Monitor: Actor: #incransom Victim: GSP Crop Science Pvt Date: 2026-06-26 07:10:34 UTC+3 According to #DarkWeb #Ransomware activity detected by the ThreatMon Threat Intelligence Team. The “#incransom” Ransomware group has added GSP Crop Science Pvt to its victims.
X/Twitterunknownx.comRansomware Monitor: Actor: #incransom Victim: Life Bridges Date: 2026-06-26 05:08:35 UTC+3 According to #DarkWeb #Ransomware activity detected by the ThreatMon Threat Intelligence Team. The “#incransom” Ransomware group has added Life Bridges to its victims.
DLS / leak siteunknownnitter.netRansomware Monitor: Actor: #incransom Victim: Life Bridges Date: 2026-06-26 05:08:35 UTC+3 According to #DarkWeb #Ransomware activity detected by the ThreatMon Threat Intelligence Team. The “#incransom” Ransomware group has added Life Bridges to its victims.
Malware asociado
INC Ransomware
Tecnicas MITRE
T1566, T1518.001 - Security Software Discovery, T1566 - Phishing, T1562.001 - Disable or Modify Tools, T1566.001, T1570
CVEs relacionadas
CVE-2025-5777, CVE-2025-53770, CVE-2025-49706, CVE-2025-49704, CVE-2024-57727, CVE-2023-4966
Tipo
ransomware
Pais origen
RU
Motivacion
-
Impacto
110
Actualizado
Sat, 20 Ju

Paises objetivo (SOCRadar)

United Arab EmiratesArgentinaAustriaAustraliaBelgiumBeninBrazilCanadaCongo, the Democratic Republic of theSwitzerland

Sectores objetivo (SOCRadar)

Construction of BuildingsFood ManufacturingOther Information ServicesSoftware PublishersReal EstateRental and Leasing ServicesHospitalsAccommodationAir TransportationManufacturing