incransom

Known ransomware group ACTIVE

Also known as: INC Ransom

Active · high-tempo

INC Ransom is a double-extortion ransomware group first observed in mid-2023, targeting healthcare, government, and industrial organizations across North America and Europe. Its tooling and tactics have been linked to the later Lynx ransomware, suggesting shared or rebranded operators.

Total Claims: 19
Critical: 18
Records Claimed
Industries Hit: 10

Active span: Apr 10, 2026 – May 28, 2026 · 19 organizations targeted

Activity 8.1 · Severity 9.9 · Sectors 8.0 · Tooling 3.0

Actor Threat Profile

Activity Timeline

Peak: Apr 2026 (13)

Top Targeted Industries

Healthcare 5
Business Services 5
Energy 1
Financial Services 1
Manufacturing 1
Consumer Services 1

Tradecraft & Infrastructure

Documented tools: 15
MITRE tactics / techniques: 0 / 0
Known leak sites: 7
CredentialTheft · DiscoveryEnum · Exfiltration · LOLBAS · Networking · RMM-Tools
Full intelligence profile on ransomware.live →

Claims by incransom

Ransomware Claim: belimed.com · Healthcare · Jun 2, 2026 · Critical · 1.5 TB leaked
Ransomware Claim: Distrigaz Vest S.A. · Energy · May 28, 2026 · Critical · 100 GB leaked
Ransomware Claim: Open Door Health Center · Healthcare · May 27, 2026 · Critical
Ransomware Claim: https://sibillacapital.com/ · Financial Services · May 10, 2026 · Critical
Ransomware Claim: Aerodiagnostics · Healthcare · May 8, 2026 · Critical · 50 GB leaked
Ransomware Claim: https://www.wilkemgroup.com/ · Manufacturing · May 4, 2026 · High · 400 GB leaked
Ransomware Claim: sumacinc.com · Business Services · Apr 28, 2026 · Critical · 2 TB leaked
Ransomware Claim: MTCI · Apr 27, 2026 · Critical · 320 GB leaked
Ransomware Claim: Dorotea Sweden · Consumer Services · Apr 25, 2026 · Critical
Ransomware Claim: krauseundco · Business Services · Apr 25, 2026 · Critical
Ransomware Claim: tlctrialteam.com · Healthcare · Apr 25, 2026 · Critical
Ransomware Claim: krwlawyers.com · Business Services · Apr 23, 2026 · Critical
Ransomware Claim: teamster773.org · Transportation/Logistics · Apr 23, 2026 · Critical
Ransomware Claim: Mag. Fünder Hausverwaltungs GmbH · Business Services · Apr 18, 2026 · Critical
Ransomware Claim: mastercom.com.au · Telecommunication · Apr 12, 2026 · Critical
Ransomware Claim: morgancountyga.gov · Public Sector · Apr 12, 2026 · Critical
Ransomware Claim: www.campbell.edu · Education · Apr 11, 2026 · Critical · 500 GB leaked
Ransomware Claim: Kannarr Eye Care · Healthcare · Apr 10, 2026 · Critical
Ransomware Claim: wright-ryan.com · Business Services · Apr 10, 2026 · Critical · 600 GB leaked
