INC Ransom attacks Elemetal

Incident Date:

September 14, 2023

World map



INC Ransom attacks Elemetal




Inc Ransom


Dallas, USA

Texas, USA

First Reported

September 14, 2023

INC Ransom Ransomware Gang Attacks Elemetal

The INC Ransom ransomware gang has attacked Elemetal. Elemetal, previously known as NTR Metals, was a prominent player in the precious metals industry within the United States. The company's operations spanned various aspects of the precious metals sector, encompassing refining, recycling, and trading. Elemetal's primary focus revolved around precious metals like gold, silver, and platinum group metals. They offered a diverse set of services, including refining and assaying these precious metals, manufacturing bullion products like coins and bars, and providing secure storage options for these valuable assets. Elemetal played a significant role in the American precious metals market.

Demands and Threats

INC Ransom posted Elemetal to its data leak site on September 14th demanding a $160,000 ransom for the safe return of stolen data. INC is a malicious software program categorized as ransomware, specifically designed to encrypt data and demand payment for decryption services. During our testing, this malicious software successfully encrypted files and altered their file names by adding a ".INC" extension. For instance, a file originally labeled as "1.jpg" was transformed into "1.jpg.INC," and "2.png" became "2.png.INC," and so on. After the encryption process was completed, INC ransomware generated a ransom note named "INC-README.txt."

The content of this note indicates that the malware primarily targets businesses rather than individual users. The ransom note associated with INC informs the victim that confidential data related to their company and clients has been stolen. The victim is provided with a 72-hour window to establish contact with the attackers. Failure to meet this deadline will result in the public release of the stolen information. The note also claims that the cybercriminals possess the capability to promptly restore the encrypted files without any loss of data.

Advisory Against Payment

In most instances of ransomware infections, decryption without the involvement of the attackers is exceedingly difficult. There are rare exceptions in cases of severely flawed ransomware. Furthermore, even when victims comply with the ransom demands, they often do not receive the necessary decryption keys or tools. Therefore, we strongly advise against making any payments, as data recovery is not guaranteed, and such actions only serve to support criminal activities.

Removal and Recovery

To prevent further encryption by INC ransomware, it is imperative to remove the malware from the affected operating system. However, it is essential to note that removal will not automatically restore files that have already been compromised. The only viable solution is to recover data from a previously created backup, if one exists and is stored in a secure location.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.