INC Ransom attacks It4 Solutions Robras

Incident Date:

September 6, 2023

World map



INC Ransom attacks It4 Solutions Robras


It4 Solutions Robras


Inc Ransom


Oakland Park, USA

Florida, USA

First Reported

September 6, 2023

INC Ransom Ransomware Targets IT4 Solutions Robras

The INC Ransom ransomware gang has attacked It4 Solutions Robras. IT4 Solutions Robras is a little-known IT company headquartered in Florida, USA. INC Ransom posted It4 Solutions Robras to its data leak site on September 6th but provided no further details.

INC represents a ransomware program that operates by encrypting data and subsequently demanding payment for decryption services. In our evaluation on a test system, this malicious software encrypted files and appended a ".INC" extension to their filenames. For example, a file initially labeled as "1.jpg" would appear as "1.jpg.INC," and "2.png" would become "2.png.INC," and so forth.

Encryption Process and Ransom Note

Following the completion of the encryption procedure, INC ransomware generated a ransom message titled "INC-README.txt." The content of this message makes it clear that this malware primarily targets businesses rather than individual users.

The ransom note issued by INC informs the victim that confidential data related to their company and clients has been exfiltrated. A 72-hour window is provided for the victim to establish contact with the attackers. Failure to meet this deadline will result in the exposure of the stolen information. The message also assures the victim that the cybercriminals possess the ability to swiftly restore the encrypted files without any data loss.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.