Ransomware Attack on Visionary Homes by Incransom

Visionary Homes, a prominent homebuilding company based in Utah, has recently fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group Incransom. The breach was identified on September 20, 2024, and has raised significant concerns about the security of internal company data.

About Visionary Homes

Visionary Homes, established in 2004 by Jeff Jackson and Justin Cooper, is recognized for its high-quality, thoughtfully designed residential properties. The company operates primarily in the construction sector, focusing on both commercial and residential projects. Visionary Homes employs approximately 134 individuals and reported a revenue of around $31.2 million as of 2024. The company is known for its "Built For Living" philosophy, emphasizing the creation of homes that foster family memories and experiences. Their offerings include single-family homes, townhomes, and condominiums, tailored to meet the needs of modern families.

Attack Overview

The ransomware attack on Visionary Homes was claimed by Incransom via their dark web leak site. While the specific details of the compromised data have not been fully disclosed, the leak page suggests potential exposure of internal company information. Screenshots purportedly displaying internal data have been referenced, although the exact nature of the sensitive content remains unspecified. Download links have been mentioned, indicating that some data may have been made available, but the full scope and impact of the breach are still undetermined.

About Incransom

Incransom is a highly sophisticated cybercriminal group known for its targeted ransomware attacks on corporate and organizational networks. The group employs advanced techniques such as spear-phishing campaigns and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. Incransom's attacks involve not only encrypting data but also stealing it and threatening to release it publicly, a tactic known as double extortion. The group has targeted various industries, including healthcare, education, government entities, and technology companies, and has been active since 2023.

Potential Vulnerabilities

Visionary Homes, like many companies in the construction sector, may have been targeted due to potential vulnerabilities in their cybersecurity infrastructure. The use of outdated software, lack of regular security updates, and insufficient employee training on phishing attacks could have contributed to the breach. Incransom's sophisticated techniques, including the use of legitimate system tools for reconnaissance and lateral movement within a network, further underscore the importance of robust cybersecurity measures.

Sources

• Visionary Homes
• SOCRadar - Dark Web Profile: Incransom
• SentinelOne - Incransom
• Security Affairs - Incransom Ransomware Attack on Xerox Corp
• Huntress - Investigating New Incransom Group Activity