INC Ransom
Aliases: GOLD IONIC
INC Ransom is a ransomware and data extortion threat group associated with the deployment of INC Ransomware that has been active since at least July 2023. INC Ransom has targeted organizations worldwide most commonly in the industrial, healthcare, and education sectors in the US and Europe.
Open interactive actor investigation
ATT&CK techniques
T1486
Data Encrypted for ImpactT1562.001
Disable or Modify ToolsT1021.001
Remote Desktop ProtocolT1657
Financial TheftT1047
Windows Management InstrumentationT1566
PhishingT1059.003
Windows Command ShellT1537
Transfer Data to Cloud AccountT1087.002
Domain AccountT1074
Data StagedT1071
Application Layer ProtocolT1046
Network Service DiscoveryT1569.002
Service ExecutionT1219
Remote Access SoftwareT1588.002
ToolT1036.005
Match Legitimate Name or LocationT1570
Lateral Tool TransferT1069.002
Domain GroupsT1135
Network Share DiscoveryT1190
Exploit Public-Facing ApplicationT1070.004
File DeletionT1078
Valid AccountsT1105
Ingress Tool TransferT1560.001
Archive via UtilityT1049
System Network Connections Discovery
Data Encrypted for ImpactT1562.001
Disable or Modify ToolsT1021.001
Remote Desktop ProtocolT1657
Financial TheftT1047
Windows Management InstrumentationT1566
PhishingT1059.003
Windows Command ShellT1537
Transfer Data to Cloud AccountT1087.002
Domain AccountT1074
Data StagedT1071
Application Layer ProtocolT1046
Network Service DiscoveryT1569.002
Service ExecutionT1219
Remote Access SoftwareT1588.002
ToolT1036.005
Match Legitimate Name or LocationT1570
Lateral Tool TransferT1069.002
Domain GroupsT1135
Network Share DiscoveryT1190
Exploit Public-Facing ApplicationT1070.004
File DeletionT1078
Valid AccountsT1105
Ingress Tool TransferT1560.001
Archive via UtilityT1049
System Network Connections Discovery