inc ransom

Ransomware group profile

474Victims

RussiaSource country

110Impact score

Also Known As

GOLD IONIC

Description

INC Ransom is a sophisticated ransomware group active since July 2023, known for their double extortion tactics that involve not only encrypting data but also threatening to leak sensitive information. They target a variety of high-profile sectors, including healthcare and education, leveraging advanced techniques to infiltrate systems and maximize impact.

Key insights

•Employs double extortion tactics to maximize leverage on victims.
•Targets critical infrastructure sectors, including healthcare and public administration.
•Utilizes advanced techniques like spear-phishing and RDP exploitation for initial access.
•Custom ransomware employs AES-128 encryption with multi-threading to hinder recovery.
•Effective in evading detection through legitimate process usage and security feature manipulation.
•Cryptocurrency is the primary payment method for ransom demands.

Industries

Education Energy & Utilities Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For inc ransom · Based on incidents in selected period

4threat level

Aggressiveness10/ 10

Lethality0/ 10

Criticality1.8/ 10

Status Breakdown

Claimed100.0%474

First seenJun 2025

Last seenJun 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 3, 2026

Recent activity

Monthly attack count for inc ransom in the selected period

474Total attacks

55peak in Nov

36.5avg / month

↓ 20 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for inc ransom

a53a9ca8a074c7108f8412c3f8c1fc5d
77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
9db958bc5b4a21340ceeeb8c36873aa6bd02a460e688de56ccbba945384b1926
3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
7007cf53bcd0083baba202d8ac2d9070
25b9fdef3061c7dfea744830774ca0e289dba7c14be85f0d4695d382763b409b
01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd
fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced
a98dcdee82f6066a4cf2f9d7d161a1bacec8f81d
9218e2c37c339527736cdc9d9aad88de728931a3
c41ab33986921c812c51e7a86bd3fd0691f5bba925fae612f1b717afaa2fe0ef
d1038be644a0da3ba05922fa27db4167a6e17451
1e074d9dca6ef0edd24afb2d13ca4429def5fc5486cd4170c989ef60efd0bbb0
75612233d32768186d0557dd39abbbd3284a2a29
5fda381a9884f7be2d57b8a290f389578a9d2f63e2ecb98bd773248a7eb99fa2
0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5
6cd349eda0fa6c8b274a0920852c68f8b727afea1fdbc69ad183cef05d9cf141
f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429
e502b8d617a2cd9bfa41762282a0ff81
3403b92056d7645acfb7236824cc58b15e4d5395
2833c82055bf2d29c65cd9cf6684449a
fd452da0d978514adaeee1dd5227212aad00bf07f2481d335eed77a4ee08a5e8
7a96d9f7a25a67ec2873bb814cb0ba104d3b7c1651f65ff09d8e1f76cba6fb79

View full IOC feed40 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for inc ransom

CVE-2025-5777

CVE-2025-53770

CVE-2025-49706

CVE-2025-49704

CVE-2024-57727

CVE-2023-4966

CVE-2023-3519

CVE-2019-18935

Other

T1486

T1490

T1078

T1021

T1562

T1555

T1059

T1071

T1068

T1210

T1021.001

Victims(200)

Company	Domain	Country	Industry	Status	Discovered
trrac.net	—	—	Transportation	Claimed	about 24 hours ago
Bradley law firm	—	—	Professional Services	Claimed	2 days ago
Champaign-Urbana Public Health District	—	US United States	Healthcare	Claimed	2 days ago
www.labexpress.com	—	—	Professional Services	Claimed	5 days ago
belimed.com	—	CH Switzerland	Manufacturing	Claimed	6 days ago
lawants	—	US United States	Professional Services	Claimed	6 days ago
Distrigaz Vest S.A.	—	RO Romania	Energy & Utilities	Claimed	7 days ago
PILLER AIMMCO	—	—	Manufacturing	Claimed	9 days ago
Open Door Health Center	—	US United States	Healthcare	Claimed	9 days ago
Meirc training and consulting	—	—	Professional Services	Claimed	10 days ago
Mecanizados y Montajes Aeronáuticos	mymgroup.es	ES Spain	Manufacturing	Claimed	11 days ago
threadinnovations	—	—	Technology	Claimed	12 days ago
Nothing	—	—	Technology	Claimed	15 days ago
bergen1.net	—	—	Technology	Claimed	17 days ago
metaval.com.au	—	AU Australia	Professional Services	Claimed	17 days ago
defenseisready.com	—	—	Government & Defense	Claimed	19 days ago
United Quality Cooperative / www.uqcoop.com	—	—	Other	Claimed	20 days ago
Silergy Corp	—	—	Manufacturing	Claimed	21 days ago
Bideawee	—	—	Retail & E-Commerce	Claimed	23 days ago
rbh aerospace inc	—	—	Manufacturing	Claimed	23 days ago

Page 1 of 10

Affected countries(68)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates 🇦🇷Argentina 🇦🇹Austria 🇦🇺Australia 🇧🇪Belgium 🇧🇯Benin 🇧🇷Brazil 🇨🇦Canada Congo, the Democratic Republic of the 🇨🇭Switzerland Côte d'Ivoire 🇨🇱Chile 🇨🇳China 🇨🇴Colombia 🇨🇾Cyprus 🇨🇿Czech Republic 🇩🇪Germany 🇩🇿Algeria 🇪🇸Spain 🇫🇷France 🇬🇧United Kingdom 🇬🇪Georgia 🇬🇷Greece 🇭🇰Hong Kong 🇭🇹Haiti 🇭🇺Hungary 🇮🇩Indonesia 🇮🇪Ireland 🇮🇱Israel 🇮🇳India 🇮🇹Italy 🇯🇲Jamaica 🇯🇵Japan 🇰🇭Cambodia Korea, Republic of 🇲🇹Malta 🇲🇽Mexico 🇲🇾Malaysia 🇳🇦Namibia 🇳🇬Nigeria 🇳🇱Netherlands 🇳🇿New Zealand 🇵🇦Panama 🇵🇪Peru 🇵🇭Philippines 🇵🇰Pakistan 🇵🇹Portugal 🇵🇾Paraguay 🇶🇦Qatar 🇷🇴Romania Russian Federation 🇸🇦Saudi Arabia 🇸🇨Seychelles 🇸🇪Sweden 🇸🇬Singapore 🇸🇰Slovakia 🇸🇱Sierra Leone 🇸🇳Senegal 🇹🇭Thailand 🇹🇳Tunisia 🇹🇴Tonga 🇹🇷Turkey Taiwan, Province of China 🇺🇸United States Venezuela, Bolivarian Republic of 🇻🇳Vietnam 🇿🇦South Africa 🇿🇲Zambia