HOMETHREATSinc ransom
APT / THREAT GROUP💰 FINANCIAL

inc ransom

281
victims
1
campaigns
1
aliases

Intelligence Profile

inc ransom — tracked by MISP Galaxy (ransomware).

Threat Analysis

inc ransom is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like inc ransom prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Ransomware Victims (281)

CTIWATCH tracks 281 organizations claimed as victims by inc ransom on its data leak site, with attack dates, sectors and countries.

View full victims list →

Known Campaigns

Inc Ransom — Active Campaign April 2026

Inc Ransom is conducting an active ransomware campaign targeting organizations across 3 countries. Primary targets: Financial Services, Manufacturing. 19 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 13 Apr 2026).

🎯 Financial Services🎯 Manufacturing
ACTIVEHIGH2026

Intelligence Reports Mentioning inc ransom

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Aliases1

Also Known As

inc ransom

DLS Infrastructure

○ OFFLINEincblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion
○ OFFLINEincapt.blog
○ OFFLINEincapt.su
● ONLINEincblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion
○ OFFLINEincpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.