INC Ransom attacks Elemetal
Incident Date: September 14, 2023
Overview
Title: INC Ransom attacks Elemetal
Victim: Elemetal
Attacker: Inc Ransom
Location:
First Reported: September 14, 2023
INC Ransom Ransomware Gang Attacks Elemetal
The INC Ransom ransomware gang has attacked Elemetal. Elemetal, previously known as NTR Metals, was a prominent player in the precious metals industry within the United States. The company's operations spanned various aspects of the precious metals sector, encompassing refining, recycling, and trading. Elemetal's primary focus revolved around precious metals like gold, silver, and platinum group metals. They offered a diverse set of services, including refining and assaying these precious metals, manufacturing bullion products like coins and bars, and providing secure storage options for these valuable assets. Elemetal played a significant role in the American precious metals market.
Demands and Threats
INC Ransom posted Elemetal to its data leak site on September 14th, demanding a $160,000 ransom for the safe return of stolen data. INC is a malicious software program categorized as ransomware, specifically designed to encrypt data and demand payment for decryption services. During our testing, this malicious software successfully encrypted files and altered their file names by adding a ".INC" extension. For instance, a file originally labeled "1.jpg" was renamed "1.jpg.INC", "2.png" became "2.png.INC", and so on. After the encryption process was completed, INC ransomware generated a ransom note named "INC-README.txt".
The content of this note indicates that the malware primarily targets businesses rather than individual users. The ransom note associated with INC informs the victim that confidential data related to their company and clients has been stolen. The victim is provided with a 72-hour window to establish contact with the attackers. Failure to meet this deadline will result in the public release of the stolen information. The note also claims that the cybercriminals possess the capability to promptly restore the encrypted files without any loss of data.
Advisory Against Payment
In most instances of ransomware infections, decryption without the involvement of the attackers is exceedingly difficult. There are rare exceptions in cases of severely flawed ransomware. Furthermore, even when victims comply with the ransom demands, they often do not receive the necessary decryption keys or tools. Therefore, we strongly advise against making any payments, as data recovery is not guaranteed, and such actions only serve to support criminal activities.
Removal and Recovery
To prevent further encryption by INC ransomware, it is imperative to remove the malware from the affected operating system. However, it is essential to note that removal will not automatically restore files that have already been compromised. The only viable solution is to recover data from a previously created backup, if one exists and is stored in a secure location.
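To scope which directories need restoring from backup, the two file-system artifacts described above (the appended ".INC" extension and the "INC-README.txt" note) can be counted per directory. This is an added example, not code from the original report; the function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

NOTE_NAME = "inc-readme.txt"  # ransom note name given on this page
ENC_SUFFIX = ".inc"           # appended extension; assumption: compare case-insensitively

def scan_tree(root):
    """Count renamed files, untouched files and ransom notes per directory."""
    dirs = defaultdict(lambda: {"renamed": 0, "intact": 0, "note": False,
                                "earliest": None})
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            entry = dirs[os.path.relpath(dirpath, root)]
            lower = name.lower()
            if lower == NOTE_NAME:
                entry["note"] = True
            elif lower.endswith(ENC_SUFFIX):
                entry["renamed"] += 1
                mtime = os.path.getmtime(os.path.join(dirpath, name))
                if entry["earliest"] is None or mtime < entry["earliest"]:
                    entry["earliest"] = mtime  # approximate start of encryption
            else:
                entry["intact"] += 1
    return dict(dirs)

def classify(dirs):
    """'affected' needs both indicators; one alone is only 'suspect',
    because legitimate files (e.g. include files) can also end in .inc."""
    labels = ("clean", "suspect", "affected")
    return {p: labels[(e["renamed"] > 0) + e["note"]] for p, e in dirs.items()}

def build_sample(root):
    """Constructed sample tree: empty files only, no real malware output."""
    layout = {"finance": ["1.jpg.INC", "2.png.INC", "INC-README.txt"],
              "src": ["config.inc", "main.php"],
              "archive": ["report.pdf"]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, verdict in sorted(classify(scan_tree(tmp)).items()):
            print(path, verdict)
```

Assuming file timestamps were not altered, the earliest modification time among renamed files helps pick a backup that predates the encryption.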