INC Ransom Ransomware Gang Attacks Elemetal

The INC Ransom ransomware gang has attacked Elemetal. Elemetal, previously known as NTR Metals, was a prominent player in the precious metals industry within the United States. The company's operations spanned various aspects of the precious metals sector, encompassing refining, recycling, and trading. Elemetal's primary focus revolved around precious metals like gold, silver, and platinum group metals. They offered a diverse set of services, including refining and assaying these precious metals, manufacturing bullion products like coins and bars, and providing secure storage options for these valuable assets. Elemetal played a significant role in the American precious metals market.

Demands and Threats

INC Ransom posted Elemetal to its data leak site on September 14th demanding a $160,000 ransom for the safe return of stolen data. INC is a malicious software program categorized as ransomware, specifically designed to encrypt data and demand payment for decryption services. During our testing, this malicious software successfully encrypted files and altered their file names by adding a ".INC" extension. For instance, a file originally labeled as "1.jpg" was transformed into "1.jpg.INC," and "2.png" became "2.png.INC," and so on. After the encryption process was completed, INC ransomware generated a ransom note named "INC-README.txt."

The content of this note indicates that the malware primarily targets businesses rather than individual users. The ransom note associated with INC informs the victim that confidential data related to their company and clients has been stolen. The victim is provided with a 72-hour window to establish contact with the attackers. Failure to meet this deadline will result in the public release of the stolen information. The note also claims that the cybercriminals possess the capability to promptly restore the encrypted files without any loss of data.

Advisory Against Payment

In most instances of ransomware infections, decryption without the involvement of the attackers is exceedingly difficult. There are rare exceptions in cases of severely flawed ransomware. Furthermore, even when victims comply with the ransom demands, they often do not receive the necessary decryption keys or tools. Therefore, we strongly advise against making any payments, as data recovery is not guaranteed, and such actions only serve to support criminal activities.

Removal and Recovery

To prevent further encryption by INC ransomware, it is imperative to remove the malware from the affected operating system. However, it is essential to note that removal will not automatically restore files that have already been compromised. The only viable solution is to recover data from a previously created backup, if one exists and is stored in a secure location.