A new player on the ransomware scene, referred to as "INC," has surfaced, capturing attention through a series of high-profile attacks that have necessitated deeper scrutiny.
This nascent ransomware group rapidly gained prominence, with multiple affected organizations making headlines due to their exposure on the group's data leak site.
Recently, the Huntress team conducted a comprehensive investigation into a ransomware attack indicative of the "INC" threat actor. While the encryption phase of the attack grabbed immediate attention, a closer probe revealed that the initial stages of the assault had commenced approximately a week prior to the encryption event, if not earlier.
During the investigation, three server systems were at the center of the Huntress team's focus. While complete visibility was not attainable across the entire affected infrastructure, key systems provided insight into the threat actor's activities over the course of a week.
The research blog by Huntress details a day-by-day breakdown of the ransomware attack as well as IOCs.
The analysis highlighted the intricate phases leading to a successful ransomware attack. The investigation couldn't ascertain the initial access method, but it did reveal a week's worth of significant activity across pivotal systems.
In a landscape fraught with evolving threats, the Huntress team's meticulous analysis unveils the multifaceted progression of a ransomware attack. As the "INC" threat garners attention, it underscores the need for continuous vigilance in safeguarding digital assets. ###