INC Ransom
G10321 reportsaliases · INC Ransom · GOLD IONIC
1
Reports
12
Techniques
8
Tactics
1
Countries
58%
Hunt coverage
2
Aliases
Analyst assessment — key judgments
- Signature techniques: T1053.005 (Scheduled Task), T1047 (Windows Management Instrumentation), T1213.002 (Sharepoint).
- Primary targeting: US.
- Currently dormant: 0 report(s) in last 30d vs 0 prior (+0%).
- Hunt coverage 58% of 24 observed techniques (10 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
DormantLast 30d: 0 vs 0 prior (+0%)· first reported 2026-03-16 · last 2026-03-16
0
7d
0
30d
0
90d
1
All
0.0
Rpts/wk
Reporting timeline · 12 months
Movement — last 30 days
Dropped (90d+)
T1053.005T1047T1213.002T1588.007T1059.007T1583.008T1003.002T1543.003T1588.006T1555.005T1219T1684Vulnerabilities in this actor's reporting · 16
- CVE-2019-6693KEV1 rpt
- CVE-2021-27877KEV1 rpt
- CVE-2021-27878KEV1 rpt
- CVE-2021-40539KEV1 rpt
- CVE-2023-4966KEV1 rpt
- CVE-2024-21762KEV1 rpt
- CVE-2024-3400KEV1 rpt
- CVE-2024-37085KEV1 rpt
- CVE-2024-40766KEV1 rpt
- CVE-2024-55591KEV1 rpt
- CVE-2025-31161KEV1 rpt
- CVE-2025-31324KEV1 rpt
- CVE-2025-53770KEV1 rpt
- CVE-2025-61882KEV1 rpt
- CVE-2025-8088KEV1 rpt
- CVE-2025-537711 rpt
Overview
Analyst triage
Intelligence summary
INC Ransom is a ransomware and data extortion threat group associated with the deployment of INC Ransomware that has been active since at least July 2023. INC Ransom has targeted organizations worldwide most commonly in the industrial, healthcare, and education sectors in the US and Europe.(Citation: Bleeping Computer INC Ransomware March 2024)(Citation: Cybereason INC Ransomware November 2023)(Citation: Secureworks GOLD IONIC April 2024)(Citation: SentinelOne INC Ransomware)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- T1053.005 · Scheduled Taskconf 601
- T1047 · Windows Management Instrumentationconf 601
- T1213.002 · Sharepointconf 601
- T1588.007 · Artificial Intelligenceconf 601
- T1059.007 · JavaScriptconf 601
- T1583.008 · Malvertisingconf 601
- T1003.002 · Security Account Managerconf 601
- T1543.003 · Windows Serviceconf 601
- T1588.006 · Vulnerabilitiesconf 601
- T1555.005 · Password Managersconf 601
- T1219 · Remote Access Toolsconf 601
- T1684 · Social Engineeringconf 601
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|