Stolen data recovered from INC ransomware gang

Due to security failures on their end, systems belonging to the INC ransomware gang were themselves breached, and stolen data was recovered from them. The operation was conducted by Cyber Centaurs, a digital forensics and incident response company that disclosed its success last November.

INC ransomware is a ransomware-as-a-service (RaaS) operation that emerged in mid-2023. We have written on the topic of RaaS previously on this blog – in brief, it refers to an approach in which cybercriminals decouple malware development from deployment. Programmers develop the malware and offer it to buyers, who then provide the network for spreading it and use it to attack individuals and organizations.

The threat actor claimed several high-profile victims over the years, including Yamaha Motor, Xerox Business Solution, Scotland’s NHS, McLaren Health Care, the Texas State Bar, Ahold Delhaize, the Panama Ministry of Economy, the Pennsylvania AG Office, and Crisis24.

Protect your critical data

There are some takeaways that we can focus on in this case. One is that protecting data is still paramount; the list of victims speaks for itself. It also reinforces the point that many attacks will not stop at one crime; in the cases discussed above, besides deploying ransomware there was also a concerted effort at data exfiltration. Once someone has entered your systems, there’s no reason for them to not attempt maximalist aims.

The second takeaway is that recovery is possible – but not necessarily easy. In the case discussed above, it required effort by specialists to recover exfiltrated data – with no mention made of whether a ransom was paid to decrypt any data left in place.

Organizations are encouraged to ensure their systems are protected behind a backup or other data protection system, and that these systems are kept up to date.

 


by Matúš Koronthály