Ransomware Attack on INCO Commercial by SafePay

INCO Commercial, a well-established commercial real estate brokerage firm based in Southern California, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group SafePay. The attack, which occurred on November 21, resulted in a significant data breach, with 210GB of sensitive information compromised. This incident highlights the growing threat of ransomware attacks on businesses across various sectors.

About INCO Commercial

Founded in 1986, INCO Commercial is a prominent player in the real estate sector, specializing in commercial and industrial properties. The firm operates under a broker-owned model, which contributes to its low overhead structure and fosters a collegial corporate culture. With approximately 12 employees, INCO Commercial offers a range of services, including leasing, sales and purchases, and property management. The company's commitment to providing quality services tailored to client needs has earned it a strong reputation in the industry.

SafePay Ransomware Group

The ransomware attack on INCO Commercial was executed by SafePay, a group known for its ransomware-as-a-service tactics and use of LockBit source code. SafePay employs a double-extortion strategy, encrypting files and threatening to release stolen data if ransom demands are not met. In this case, the group managed to infiltrate INCO Commercial's systems, potentially exploiting vulnerabilities such as weak network security or inadequate access controls.

Sources

• INCO Commercial
• Huntress Blog: It's Not Safe to Pay SafePay
• SecurityWeek: Microlise Confirms Data Breach
• The CyberWire Daily Briefing
• Check Point: Ransomware Hub