INC RANSOM Hackers Target the Lutheran Social Services of Indiana

By Miklos Zoltan . 21 April 2024

Founder - Privacy Affairs

Fact-Checked this

INC RANSOM hackers announced another target recently. The organization went for the Lutheran Social Services of Indiana, which they apparently managed to breach on the 10^th of April. The leak post was updated yesterday, suggesting the situation is still ongoing.

The Lutheran Social Services haven’t commented on the event, so it’s unclear if they’ve decided to negotiate with the hackers
The fact that the breach took place 11 days ago, but the event is still ongoing suggests that the victim may have at least contacted the hackers
INC RANSOM advertises itself as cybersecurity service provider, rather than a malware actors
The reasoning behind it is that they breach their victims to expose their cybersecurity vulnerabilities and demand a fee for that

Naturally, this is just a cover-up, as INC RANSOM qualifies as a ransomware threat with typical MOs and tactics. The gang simply poses as a service provider to ease the victims’ minds, so that they can come to terms with paying the ransom.

Several other ransomware groups use this tactic, although it doesn’t necessarily guarantee payment. As data shows, only 29% of the ransomware victims paid the ransom in Q4 of 2023. This is a significant drop from the previous years.

By comparison, in 2019, more than 85% of ransomware victims were paying the ransom, followed by a visible drop to 46% in 2021. Despite this downward trend, many still pay the ransom, which is enough to keep the hackers in business.

X showing the INC RANSOM attack on the Indian social services — https://twitter.com/FalconFeedsio/status/1781686537874297056

But is that enough for INC RANSOM? Yes and no. The fact that companies and governmental institutions have become more knowledgeable and wary about ransomware attacks isn’t optimal.

The fact that they no longer comply to the ransom demands at the same rates isn’t great either. So, ransomware actors had to adapt, INC RANSOM included. How? Several tactics are worth mentioning here.

What Makes INC RANSOM Special?

INC RANSOM operates slightly differently than your typical uneducated ransomware gang. In a paradigm where most victims refuse to pay the ransom or even negotiate, the novel ransomware actor has adopted several noticeable tactics to circumvent that:

Only target high-value targets whenever possible
Upgrade the code, tactics, and MOs to guarantee smooth intrusion and a stealthy approach
Improve the automatic exfiltration tool to leak as much data as possible
Upgrade the encryption tool to force the victim into the negotiation chat
Make some compromises to show some good faith

These tactics not only make it more difficult for the victim to resist the hackers but also make it trickier to overcome the problem. INC RANSOM’s encryption is very powerful and versatile, and many victims are forced to pay the ransom to recover their system.

Currently, INC RANSOM has upgraded to a double-extortion practice, forcing the victim to bargain for both the decryption key and the deletion of the data. This often increases the value of the ransom to be paid.

If you think you’re a potential target for INC RANSOM or any other ransomware gang, you might want to act today. Boost your defenses, educate your employees about avoiding traps, and contract the services of legitimate experts for a plus of security.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

INC RANSOM Hackers Target the Lutheran Social Services of Indiana

What Makes INC RANSOM Special?

Our Mission

Miklos Zoltan

Leave a Comment Cancel