Malware: INC Ransomware

Description

[INC Ransomware](https://attack.mitre.org/software/S1139) is a ransomware strain that has been used by the [INC Ransom](https://attack.mitre.org/groups/G1032) group since at least 2023 against multiple industry sectors worldwide. [INC Ransomware](https://attack.mitre.org/software/S1139) can employ partial encryption combined with multi-threading to speed encryption.(Citation: SentinelOne INC Ransomware)(Citation: Huntress INC Ransom Group August 2023)(Citation: Secureworks GOLD IONIC April 2024)

External References

• mitre-attack
• Secureworks GOLD IONIC April 2024
• SentinelOne INC Ransomware
• Huntress INC Ransom Group August 2023

Techniques Used by This Malware

• T1047 — Windows Management Instrumentation
• T1057 — Process Discovery
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1106 — Native API
• T1120 — Peripheral Device Discovery
• T1135 — Network Share Discovery
• T1140 — Deobfuscate/Decode Files or Information
• T1486 — Data Encrypted for Impact
• T1489 — Service Stop
• T1490 — Inhibit System Recovery
• T1491.001 — Internal Defacement
• T1566 — Phishing
• T1570 — Lateral Tool Transfer
• T1652 — Device Driver Discovery

APT Groups Using This Malware

• INC Ransom