INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023

FOE The Hacker News June 18, 2026

Summary

The INC ransomware-as-a-service (RaaS) operation has significantly expanded its operations, claiming over 830 victims since August 2023. This growth is attributed to the disruption of other major RaaS groups like LockBit and BlackCat, which led affiliates to migrate to INC. Researchers have been tracking its evolution into a major threat.

IFF Assessment

FOE

The emergence and proliferation of a new, prolific ransomware-as-a-service operation like INC poses a significant threat to organizations, increasing the risk of attacks and data compromises.

Defender Context

Defenders should be aware of the INC ransomware's increasing prevalence and the factors contributing to its growth, such as the displacement of affiliates from other RaaS groups. Vigilance in network monitoring, timely patching, and robust incident response plans are crucial to mitigate the risk of infection.

Read Full Story →