Visionary Homes Hit by Incransom Ransomware Attack

Incident Date:

September 20, 2024

World map

Overview

Title

Visionary Homes Hit by Incransom Ransomware Attack

Victim

Visionary Homes

Attacker

Inc Ransom

Location

Logan, USA

Utah, USA

First Reported

September 20, 2024

Ransomware Attack on Visionary Homes by Incransom

Visionary Homes, a prominent homebuilding company based in Utah, has recently fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group Incransom. The breach was identified on September 20, 2024, and has raised significant concerns about the security of internal company data.

About Visionary Homes

Visionary Homes, established in 2004 by Jeff Jackson and Justin Cooper, is recognized for its high-quality, thoughtfully designed residential properties. The company operates primarily in the construction sector, focusing on both commercial and residential projects. Visionary Homes employs approximately 134 individuals and reported a revenue of around $31.2 million as of 2024. The company is known for its "Built For Living" philosophy, emphasizing the creation of homes that foster family memories and experiences. Their offerings include single-family homes, townhomes, and condominiums, tailored to meet the needs of modern families.

Attack Overview

The ransomware attack on Visionary Homes was claimed by Incransom via their dark web leak site. While the specific details of the compromised data have not been fully disclosed, the leak page suggests potential exposure of internal company information. Screenshots purportedly displaying internal data have been referenced, although the exact nature of the sensitive content remains unspecified. Download links have been mentioned, indicating that some data may have been made available, but the full scope and impact of the breach are still undetermined.

About Incransom

Incransom is a highly sophisticated cybercriminal group known for its targeted ransomware attacks on corporate and organizational networks. The group employs advanced techniques such as spear-phishing campaigns and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. Incransom's attacks involve not only encrypting data but also stealing it and threatening to release it publicly, a tactic known as double extortion. The group has targeted various industries, including healthcare, education, government entities, and technology companies, and has been active since 2023.

Potential Vulnerabilities

Visionary Homes, like many companies in the construction sector, may have been targeted due to potential vulnerabilities in their cybersecurity infrastructure. The use of outdated software, lack of regular security updates, and insufficient employee training on phishing attacks could have contributed to the breach. Incransom's sophisticated techniques, including the use of legitimate system tools for reconnaissance and lateral movement within a network, further underscore the importance of robust cybersecurity measures.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.