NEW: Group Profiler — instant APT intel lookup. Try it →

← threatfilter.dev / all groups / INC Ransom

INC Ransom

Also known as: GOLD IONIC

Overview

INC Ransom is a ransomware and data extortion threat group associated with the deployment of INC Ransomware that has been active since at least July 2023. INC Ransom has targeted organizations worldwide most commonly in the industrial, healthcare, and education sectors in the US and Europe.

Capabilities

  • Exploitation of public-facing / client applications — ATT&CK T1190

TTPs — 25 techniques across 11 tactics

Resource Development

Initial Access

Defense Impairment

Lateral Movement

Collection

Exfiltration

Tools & malware (8)

Tor · PsExec · Nltest · Rclone · AdFind · Net · esentutl · INC Ransomware

Reporting (3)