INC Ransom attacks Greenpoint

Incident Date:

October 17, 2023

World map



INC Ransom attacks Greenpoint




Inc Ransom


Bothell, USA

Washington, USA

First Reported

October 17, 2023

INC Ransom Ransomware Gang Attacks Greenpoint Technologies

The INC Ransom ransomware gang has attacked Greenpoint Technologies. Greenpoint Technologies is a company that specializes in the design and completion of custom luxury aircraft interiors. The company primarily focuses on creating luxurious and high-end interiors for private jets, including Boeing Business Jets (BBJs), Airbus Corporate Jets (ACJs), and other large executive aircraft. INC Ransom posted Greenpoint Technologies to its data leak site on October 17th but provided no further details.

What is INC Ransom?

INC is a malicious software program categorized as ransomware, specifically designed to encrypt data and demand payment for decryption services. During our testing, this malicious software successfully encrypted files and altered their file names by adding a ".INC" extension. For instance, a file originally labeled as "1.jpg" was transformed into "1.jpg.INC," and "2.png" became "2.png.INC," and so on. After the encryption process was completed, INC ransomware generated a ransom note named "INC-README.txt."

The content of this note indicates that the malware primarily targets businesses rather than individual users. The ransom note associated with INC informs the victim that confidential data related to their company and clients has been stolen. The victim is provided with a 72-hour window to establish contact with the attackers. Failure to meet this deadline will result in the public release of the stolen information. The note also claims that the cybercriminals possess the capability to promptly restore the encrypted files without any loss of data.

Risks and Recommendations

In most instances of ransomware infections, decryption without the involvement of the attackers is exceedingly difficult. There are rare exceptions in cases of severely flawed ransomware. Furthermore, even when victims comply with the ransom demands, they often do not receive the necessary decryption keys or tools. Therefore, we strongly advise against making any payments, as data recovery is not guaranteed, and such actions only serve to support criminal activities.

To prevent further encryption by INC ransomware, it is imperative to remove the malware from the affected operating system. However, it is essential to note that removal will not automatically restore files that have already been compromised. The only viable solution is to recover data from a previously created backup, if one exists and is stored in a secure location.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.