INC Ransom attacks Greenpoint

Incident Date: Oct 17, 2023

Attack Overview
Victim: Greenpoint
Industry: Manufacturing
Location: USA
Attacker: Inc Ransom
First Reported: October 17, 2023

INC Ransom Ransomware Gang Attacks Greenpoint Technologies

The INC Ransom ransomware gang has attacked Greenpoint Technologies. Greenpoint Technologies is a company that specializes in the design and completion of custom luxury aircraft interiors. The company primarily focuses on creating luxurious and high-end interiors for private jets, including Boeing Business Jets (BBJs), Airbus Corporate Jets (ACJs), and other large executive aircraft. INC Ransom posted Greenpoint Technologies to its data leak site on October 17th but provided no further details.

What is INC Ransom?

INC is a malicious software program categorized as ransomware, specifically designed to encrypt data and demand payment for decryption services. During our testing, this malicious software successfully encrypted files and altered their file names by adding a ".INC" extension. For instance, a file originally labeled as "1.jpg" was transformed into "1.jpg.INC," and "2.png" became "2.png.INC," and so on. After the encryption process was completed, INC ransomware generated a ransom note named "INC-README.txt."

The content of this note indicates that the malware primarily targets businesses rather than individual users. The ransom note associated with INC informs the victim that confidential data related to their company and clients has been stolen. The victim is provided with a 72-hour window to establish contact with the attackers. Failure to meet this deadline will result in the public release of the stolen information. The note also claims that the cybercriminals possess the capability to promptly restore the encrypted files without any loss of data.
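The rename pattern and ransom note name described above can be used to scope which folders need restoring from backup. The following triage script is an added example, not code from the original article; the function names, the sample directory tree and the rule that a file must carry an inner extension before ".INC" (to avoid flagging legitimate include files) are assumptions of this example.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

ENCRYPTED_SUFFIX = ".INC"        # extension appended to encrypted files, per the article
RANSOM_NOTE = "INC-README.txt"   # ransom note file name, per the article


def original_name(filename):
    """Return the pre-encryption name if filename looks like '<name>.<ext>.INC', else None."""
    if not filename.endswith(ENCRYPTED_SUFFIX):
        return None
    stem = filename[: -len(ENCRYPTED_SUFFIX)]
    # Assumption: require an inner extension so a legitimate 'macros.INC' is not flagged.
    return stem if Path(stem).suffix else None


def triage(root):
    """Walk root and summarise, per directory, renamed files and ransom notes found."""
    report = defaultdict(lambda: {"encrypted": [], "note": False, "first_seen": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                report[dirpath]["note"] = True
            elif original_name(name) is not None:
                entry = report[dirpath]
                entry["encrypted"].append(name)
                mtime = os.path.getmtime(full)
                # Earliest modification time approximates when encryption reached this folder.
                if entry["first_seen"] is None or mtime < entry["first_seen"]:
                    entry["first_seen"] = mtime
    return dict(report)


def build_sample_tree():
    """Constructed sample data: one affected folder, one clean folder."""
    root = tempfile.mkdtemp(prefix="inc_triage_")
    for rel in ("hr/1.jpg.INC", "hr/2.png.INC", "hr/INC-README.txt",
                "build/macros.INC", "build/notes.txt"):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    for folder, info in sorted(triage(build_sample_tree()).items()):
        print(folder, len(info["encrypted"]), "renamed files; note present:", info["note"])
```

The per-folder `first_seen` timestamp helps pick a backup taken before encryption began; files that had no extension before being renamed are not matched by this heuristic.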

Risks and Recommendations

In most instances of ransomware infections, decryption without the involvement of the attackers is exceedingly difficult. There are rare exceptions in cases of severely flawed ransomware. Furthermore, even when victims comply with the ransom demands, they often do not receive the necessary decryption keys or tools. Therefore, we strongly advise against making any payments, as data recovery is not guaranteed, and such actions only serve to support criminal activities.

To prevent further encryption by INC ransomware, it is imperative to remove the malware from the affected operating system. However, it is essential to note that removal will not automatically restore files that have already been compromised. The only viable solution is to recover data from a previously created backup, if one exists and is stored in a secure location.
