INC is ransomware, a type of malware that encrypts data and then demands payment in exchange for its decryption. During analysis, this threat was observed encrypting numerous different file types. In addition, the filenames of the compromised files are altered by having the '.INC' extension appended to them.
Upon completing the encryption procedure, the INC Ransomware delivers a text document named 'INC-README.txt'. This file acts as a ransom note containing the attackers' instructions. Notably, the content of this ransom note suggests that the primary targets of the INC Ransomware are corporate entities or organizations rather than individual home users.
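The two file-system indicators described above (the appended '.INC' extension and the 'INC-README.txt' note) can be used to scope which directories were affected. The following is an added example, not code from the original page; the exact-case match, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "INC-README.txt"  # ransom note file name given on this page
ENC_SUFFIX = ".INC"           # extension appended to encrypted files (exact case is an assumption)

def triage(root):
    """Map each affected directory to its note status and renamed files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted, ambiguous = [], []
        for name in files:
            if not name.endswith(ENC_SUFFIX):
                continue
            original = name[:-len(ENC_SUFFIX)]
            # The extension is appended, so an encrypted file normally keeps its
            # previous one ("q3.xlsx.INC"). A bare "Makefile.INC" could also be a
            # legitimate include file, so it is listed separately for review.
            if Path(original).suffix:
                encrypted.append((name, original))
            else:
                ambiguous.append(name)
        note = NOTE_NAME in files
        if note or encrypted:
            report[dirpath] = {"note": note, "encrypted": sorted(encrypted),
                               "ambiguous": sorted(ambiguous)}
    return report

def build_sample(root):
    """Create a small constructed directory tree (not real victim data)."""
    layout = {"finance": ["q3.xlsx.INC", "Makefile.INC", NOTE_NAME, "todo.txt"],
              "src": ["defs.inc", "main.c"]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            Path(root, sub, name).write_bytes(b"constructed sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, hit in triage(tmp).items():
            print(directory, hit)
```

Directories where the note and double-extension files appear together are the strongest signal; the recovered original names help match affected files against backups.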
The INC Ransomware Leaves Victims Unable to Access Their Data
The ransom note dropped by INC Ransomware notifies victims that critical and confidential data pertaining to their company, as well as its clients, has been exfiltrated from the infected devices and is now under the control of the attackers. The note gives the victim 72 hours to establish contact with the perpetrators. After that period is over, the hackers threaten to start leaking the obtained information to the public.
With ransomware infections, decrypting the encrypted files typically requires direct involvement from the attackers themselves. This is a result of the intricate encryption methods employed by these threat actors. Typically, the only exceptions involve cases where the ransomware threat has significant flaws or vulnerabilities in its programming.
Adding to the complexity of the situation, there is a distinct likelihood that even victims who comply with the ransom demands and pay the specified amount will not receive the promised decryption keys or tools. That is why experts typically advise against meeting the attackers' demands. Paying the ransom not only fails to guarantee the successful retrieval of the compromised data, but it also serves to support the criminal activities conducted by these ransomware operators.
Make Sure That Your Devices and Data Are Sufficiently Protected Against Ransomware Infections
Safeguarding devices and data from ransomware infections requires a multi-layered approach that combines technical measures with user awareness and best practices. Here are several security measures that users can adopt to protect their devices and data from ransomware:
- Regular Backups: Create regular backups of your data and be certain that they are stored in a secure location, preferably offline or on a cloud service that is not directly connected to your devices. This ensures you have a clean copy of your data in case of a ransomware attack.
- Use Reliable Security Software: Install reputable anti-malware applications on all your devices and keep them updated. These tools can help detect and prevent ransomware infections before they can cause harm.
- Keep Software Updated: Update your operating system, software applications, and plugins regularly to patch potential vulnerabilities that ransomware could exploit.
- Use Strong Passwords and 2FA: Implement strong, unique passwords for all your accounts, and whenever possible, enable two-factor authentication (2FA) to add an extra layer of security.
- Email and Attachment Safety: Be cautious with email attachments and links, especially if they are from unknown or unexpected sources. Do not download or open attachments unless you are sure they are legitimate.
- Educate Users: Train yourself and others in your household or organization about the risks of ransomware and safe online practices. Teach them to recognize phishing attempts and suspicious activities.
- Network Segmentation: Separate your network into segments, particularly isolating critical systems from less secure ones. This can help contain the spread of ransomware in case of an infection.
- Remote Desktop Protocol (RDP) Security: If you use RDP, secure it with strong passwords, limit access to trusted IP addresses, and consider using a VPN.
By combining these security measures and staying vigilant, users can significantly reduce their vulnerability to ransomware attacks and better protect their devices and data.
The ransom note left to the victims of INC Ransomware is:
We have hacked you and downloaded all confidential data of your company and its clients.
It can be spread out to people and media. Your reputation will be ruined.
Do not hesitate and save your business.
Please, contact us via:
Your personal ID:
We're the ones who can quickly recover your systems with no losses. Do not try to devalue our tool - nothing will come of it.
Starting from now, you have 72 hours to contact us if you don't want your sensitive data being published in our blog:
You should be informed, in our business reputation - is a basic condition of the success.
Inc provides a deal. After successfull negotiations you will be provided:
How to secure your network;
Evidence of deletion of internal documents;
Guarantees not to attack you in the future.