Skip to main content

// group profile

incransom

Active

INC Ransom is a prolific ransomware-as-a-service operation active since July 2023 that systematically targets healthcare, government, education, and manufacturing sectors in North America and Europe, having posted over 200 victims in 2025 alone with no sector off-limits.

822

Victims

7

Sites

Victims (822)

Live

kelmreuter.com

incransomUnited States

obrieneng.com

incransomUnited States

Stuga Machinery

incransomUnited Kingdom

pdcbodynits

incransomSingapore

CUSTOMSIGN

incransomUnited States

Colina Financial Advisors

Oztugotomotiv

incransomTurkey

trrac.net

incransomUnited States

Bradley law firm

incransomUnited States

Champaign-Urbana Public Health District

incransomUnited States

www.labexpress.com

incransomUnited States

belimed.com

incransomUnited States

lawants

Distrigaz Vest S.A.

incransomRomania

PILLER AIMMCO

incransomUnited States

Open Door Health Center

incransomUnited States

Meirc training and consulting

incransomUnited Arab Emirates

Mecanizados y Montajes Aeronáuticos (mymgroup.es)

threadinnovations

incransomCanada

Nothing

incransomTaiwan

bergen1.net

incransomUnited States

metaval.com.au

incransomAustralia

defenseisready.com

incransomUnited States

lafj.org

incransomUnited States

United Quality Cooperative / www.uqcoop.com

incransomUnited States

Known Leak Sites

incbackend.topDLS

incapt.blogDLS

incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onionDLS

incbacg6bfwtrlzwdbqc55gsfl763s3twdtwhp27dzuik6s6rwdcityd.onionDLS

incbackrlasjesgpfu5brktfjknbqoahe2hhmqfhasc5fb56mtukn4yd.onionDLS

incapt.suDLS

incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onionDLS

Top Targeted Countries

United States460

Canada46

Germany37

United Kingdom35

Australia25

MITRE ATT&CK

T1486Data Encrypted for Impact

Encrypts files using AES and RSA

T1490Inhibit System Recovery

Disables recovery options

T1078Valid Accounts

Exploits Citrix NetScaler vulnerabilities for access

T1021.002SMB/Windows Admin Shares

Spreads via network shares

Activity

Total victims822

Countries affected69

Last seenNo recent activity

Explore

Ransomware NewsRelated articles

Check DecryptorsFree tools

Payment DataRansom tracking

MITRE ATT&CKTechniques

Live MapGlobal view

Source: ransomware.live|Refreshes every 5 min