Ransomware Group

INC Ransom

Also known as: INC

Status: active • First seen 2023-0775+ known victims

INC Ransom attacks hospitals and healthcare systems. They disrupted Scottish healthcare services by encrypting hospital computers and demanding ransom.

Overview

INC Ransom has targeted healthcare organizations including NHS Scotland. The group uses spear phishing and Citrix exploitation for initial access.

Target Industries

Healthcare, Education, Manufacturing, Government

How They Attack

  • Spear phishing
  • Citrix exploitation
  • Double extortion
  • Healthcare targeting

Notable Victims

NHS Scotland (2024), Educational institutions

Is your business exposed?

How to Protect Against INC Ransom

  1. 1.

    Patch Citrix vulnerabilities

  2. 2.

    Implement healthcare security protocols

  3. 3.

    Train staff on spear phishing

MITRE ATT&CK Techniques

T1566.001, T1190, T1486, T1567

Related Groups

Lynx

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices