First published: 06 Mar 2026
Last updated: 06 Mar 2026

Content written for

Small & medium business
Large organisations & infrastructure
Government

Today we have released a joint advisory with the Kingdom of Tonga’s National Computer Emergency Response Team (CERT Tonga) and the New Zealand National Cyber Security Centre (NCSC) about the operations of ransomware group INC Ransom and their affiliate network, and the threat that their operations pose to networks hosted in Australia and the Pacific.

INC Ransom is a Russian-based, financially motivated cybercriminal group. Its members target organisations through spear-phishing campaigns, by exploiting unpatched internet-facing devices, or by using valid account credentials purchased from initial access brokers.

They use legitimate software to facilitate exfiltration of sensitive data. Following successful data encryption, INC Ransom leaves a ransom note stating demands and contact instructions. If targeted entities do not pay the requested ransom amount, INC Ransom engages in double-extortion tactics by publishing entity names and exfiltrated data to its dedicated leak site.

INC Ransom and their affiliate network have compromised organisations worldwide, including in Australia and the Pacific, since 2023. 

We strongly recommend that organisations and government ministries implement the mitigations outlined in the advisory, to reduce the risk of compromise by INC Ransom and to enhance detection of this threat.

Read the full advisory.
