Incransom's Ransomware Disrupts Waupaca County Systems
Incident Date: July 5, 2024
Overview
Title: Incransom's Ransomware Disrupts Waupaca County Systems
Victim: Waupaca County
Attacker: Inc Ransom
Location:
First Reported: July 5, 2024
Analysis of the Ransomware Attack on Waupaca County by Incransom
Victim Profile: Waupaca County, Wisconsin
Waupaca County, located in the east-central part of Wisconsin, USA, serves residents primarily through its official website, waupacacounty-wi.gov. This digital platform is essential for the county's administration, providing residents with access to governmental resources, community updates, and administrative services. The county's infrastructure supports various departments, including the Sheriff's Office, Health and Human Services, and the Highway Department. Notably, the Register of Deeds office transitioned to a new web-based land records management system called RecordEASE in March 2022, which underscores the county's increasing reliance on digital solutions. Such technology is beneficial, but it also potentially increases the county's exposure to cyber-attacks, given the critical nature of the services and the data involved.
Attack Overview
On June 18, 2024, Waupaca County experienced a significant disruption in its computer systems due to a ransomware attack. The cybercriminal group Incransom publicly claimed responsibility for this incident. While some critical systems were swiftly restored and emergency response systems remained unaffected, the attack highlights ongoing security challenges. The specifics of the ransom demanded, the exact nature of the data breach, and the method of network penetration have not been disclosed. However, the incident has prompted an investigation and recovery process involving third-party cybersecurity specialists.
Ransomware Group: Incransom
Incransom, a notorious ransomware group known for its sophisticated cyber-attacks, has targeted various sectors, including government entities. The group employs advanced tactics such as spear-phishing, exploitation of vulnerabilities like CVE-2023-3519 in Citrix NetScaler, and the use of legitimate system tools for reconnaissance. Incransom's modus operandi includes not only encrypting data but also exfiltrating it, followed by threats of public disclosure if its ransom demands are not met. This double extortion technique puts significant pressure on victims to comply.
Potential Entry Points and Security Implications
While the specific entry point used by Incransom in the Waupaca County attack remains unclear, typical vectors include phishing attacks, exploitation of software vulnerabilities, or inadequate security protocols on critical infrastructure. The county's recent adoption of new digital systems such as RecordEASE might have opened new vulnerabilities, particularly if these systems were not fully secured or if staff were not adequately trained on new security requirements. The incident underscores the need for continuous security assessments and updates, especially when implementing new technology solutions.