inc ransom

Ransomware group profile

473Victims

RussiaSource country

110Impact score

Also Known As

GOLD IONIC

Description

INC Ransom is a sophisticated ransomware group active since July 2023, known for their double extortion tactics that involve not only encrypting data but also threatening to leak sensitive information. They target a variety of high-profile sectors, including healthcare and education, leveraging advanced techniques to infiltrate systems and maximize impact.

Key insights

•Employs double extortion tactics to maximize leverage on victims.
•Targets critical infrastructure sectors, including healthcare and public administration.
•Utilizes advanced techniques like spear-phishing and RDP exploitation for initial access.
•Custom ransomware employs AES-128 encryption with multi-threading to hinder recovery.
•Effective in evading detection through legitimate process usage and security feature manipulation.
•Cryptocurrency is the primary payment method for ransom demands.

Industries

Education Energy & Utilities Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For inc ransom · Based on incidents in selected period

4.1threat level

Aggressiveness10/ 10

Lethality0/ 10

Criticality1.8/ 10

Status Breakdown

Claimed100.0%473

First seenJun 2025

Last seenJun 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 18, 2026

Recent activity

Monthly attack count for inc ransom in the selected period

473Total attacks

55peak in Nov

36.4avg / month

↑ 15 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for inc ransom

a53a9ca8a074c7108f8412c3f8c1fc5d
77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
9db958bc5b4a21340ceeeb8c36873aa6bd02a460e688de56ccbba945384b1926
7f37351979c249417cb180b4ede0ed17e5fe2a1f08add4d72606b589f8fdb245
3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
7007cf53bcd0083baba202d8ac2d9070
25b9fdef3061c7dfea744830774ca0e289dba7c14be85f0d4695d382763b409b
01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd
fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced
a98dcdee82f6066a4cf2f9d7d161a1bacec8f81d
9218e2c37c339527736cdc9d9aad88de728931a3
d1038be644a0da3ba05922fa27db4167a6e17451
1e074d9dca6ef0edd24afb2d13ca4429def5fc5486cd4170c989ef60efd0bbb0
60aeb9f7bccf377ff02ed64783e66a62c0f976878d9729b067bc7e5b0b9da9d6
5cc212f84d2bf3fbab165aaf09b16e00fcf2f1ccd880d24b14404c53dcdbf241
a2b1c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
75612233d32768186d0557dd39abbbd3284a2a29
5fda381a9884f7be2d57b8a290f389578a9d2f63e2ecb98bd773248a7eb99fa2
0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5
6cd349eda0fa6c8b274a0920852c68f8b727afea1fdbc69ad183cef05d9cf141
f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429
e502b8d617a2cd9bfa41762282a0ff81
3403b92056d7645acfb7236824cc58b15e4d5395
2833c82055bf2d29c65cd9cf6684449a
fd452da0d978514adaeee1dd5227212aad00bf07f2481d335eed77a4ee08a5e8
7a96d9f7a25a67ec2873bb814cb0ba104d3b7c1651f65ff09d8e1f76cba6fb79

View full IOC feed50 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for inc ransom

CVE-2025-5777

CVE-2025-53770

CVE-2025-49706

CVE-2025-49704

CVE-2024-57727

CVE-2023-4966

CVE-2023-3519

CVE-2019-18935

Other

T1486

T1490

T1078

T1021

T1562

T1555

T1059

T1071

T1068

T1210

T1021.001

Victims(200)

Company	Domain	Country	Industry	Status	Discovered
Horizon Family Medical Group	—	—	Healthcare	Claimed	1 day ago
neuwoges.de	—	—	—	Claimed	2 days ago
jasperplastics.info	—	—	Manufacturing	Claimed	3 days ago
framesiprofessional.com	—	—	Professional Services	Claimed	3 days ago
3	—	US United States	Healthcare	Claimed	4 days ago
Signazon_USA	—	US United States	Retail & E-Commerce	Claimed	8 days ago
Kewaunee Scientific	—	US United States	Manufacturing	Claimed	8 days ago
DISCOLABINDU	—	—	—	Claimed	8 days ago
fineconsulting	—	—	Professional Services	Claimed	8 days ago
FIZA	—	—	—	Claimed	9 days ago
kelmreuter.com	—	—	Professional Services	Claimed	13 days ago
obrieneng.com	—	—	Professional Services	Claimed	14 days ago
Stuga Machinery	—	—	Manufacturing	Claimed	15 days ago
pdcbodynits	—	—	—	Claimed	15 days ago
CUSTOMSIGN	—	—	Professional Services	Claimed	16 days ago
Colina Financial Advisors	—	—	Financial Services	Claimed	16 days ago
Oztugotomotiv	—	—	Manufacturing	Claimed	16 days ago
trrac.net	—	—	Transportation	Claimed	17 days ago
Bradley law firm	—	—	Professional Services	Claimed	18 days ago
Champaign-Urbana Public Health District	—	US United States	Healthcare	Claimed	18 days ago

Page 1 of 10

Affected countries(75)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates 🇦🇷Argentina 🇦🇹Austria 🇦🇺Australia 🇧🇪Belgium 🇧🇯Benin 🇧🇷Brazil 🇨🇦Canada Congo, the Democratic Republic of the 🇨🇭Switzerland Côte d'Ivoire 🇨🇱Chile 🇨🇲Cameroon 🇨🇳China 🇨🇴Colombia 🇨🇷Costa Rica 🇨🇾Cyprus 🇨🇿Czech Republic 🇩🇪Germany 🇩🇴Dominican Republic 🇩🇿Algeria 🇪🇸Spain 🇫🇷France 🇬🇧United Kingdom 🇬🇪Georgia 🇬🇷Greece 🇭🇰Hong Kong 🇭🇹Haiti 🇭🇺Hungary 🇮🇩Indonesia 🇮🇪Ireland 🇮🇱Israel 🇮🇳India Iran, Islamic Republic of 🇮🇹Italy 🇯🇲Jamaica 🇯🇵Japan 🇰🇭Cambodia Korea, Republic of 🇰🇼Kuwait 🇲🇲Myanmar 🇲🇹Malta 🇲🇽Mexico 🇲🇾Malaysia 🇳🇦Namibia 🇳🇬Nigeria 🇳🇱Netherlands 🇳🇿New Zealand 🇵🇦Panama 🇵🇪Peru 🇵🇭Philippines 🇵🇰Pakistan 🇵🇹Portugal 🇵🇾Paraguay 🇶🇦Qatar 🇷🇴Romania 🇷🇸Serbia Russian Federation 🇸🇦Saudi Arabia 🇸🇨Seychelles 🇸🇪Sweden 🇸🇬Singapore 🇸🇰Slovakia 🇸🇱Sierra Leone 🇸🇳Senegal 🇹🇭Thailand 🇹🇳Tunisia 🇹🇴Tonga 🇹🇷Turkey Taiwan, Province of China 🇺🇸United States Venezuela, Bolivarian Republic of 🇻🇳Vietnam 🇿🇦South Africa 🇿🇲Zambia