HomeIntelligenceBrief
BREACH BRIEF🟠 High Ransomware

INC Ransomware RaaS Claims 830 Victims Since 2023, Emerging as Top Threat in 2026

Researchers report that the INC ransomware‑as‑a‑service group has hit 830 victim organizations since August 2023, capitalizing on the collapse of rival gangs. The scale underscores the need for SOC 2‑aligned control mapping and continuous evidence collection to prove ransomware readiness.

LiveThreat™ Intelligence · 📅 June 18, 2026· 📰 thehackernews.com
🟠
Severity
High
RW
Type
Ransomware
🎯
Confidence
High
🏢
Affected
5 sector(s)
Actions
3 recommended
📰
Source
thehackernews.com

INC Ransomware RaaS Claims 830 Victims Since 2023, Emerging as Top Threat in 2026

What Happened — Researchers tracking ransomware‑as‑a‑service (RaaS) operations report that the “INC” gang has moved from a niche player to one of the most prolific ransomware groups in 2026, with 830 confirmed victim organizations between August 2023 and June 2026. The surge follows the disruption of rival gangs (LockBit, BlackCat), prompting affiliates to migrate to the INC platform.

Why It Matters for Compliance & Audit Readiness

  • SOC 2‑aligned continuous‑compliance programs require documented control mapping for ransomware‑related controls (e.g., data‑back‑up, encryption, incident‑response) so auditors can see that protective measures are in place before an attack.
  • Ongoing evidence collection (log retention, backup verification, recovery‑test results) provides the defensible audit trail needed to demonstrate that the organization met the Security and Availability Trust Services Criteria during a breach.
  • The Control‑Mapping capability in Verisq’s Trust Center automates the linkage of ransomware‑mitigation controls to SOC 2 criteria and continuously gathers evidence for audit readiness.

Who Is Affected — Enterprises across all verticals (finance, healthcare, SaaS, manufacturing, etc.) that rely on legacy backups, unpatched endpoints, or insufficient incident‑response playbooks.

Recommended Actions

  • Map your backup, encryption, and incident‑response controls to the SOC 2 Security and Availability criteria.
  • Implement continuous evidence collection (e.g., automated backup‑integrity logs, recovery‑test reports) and store them in a tamper‑evident repository.
  • Conduct a tabletop ransomware response exercise and update your incident‑response playbook with lessons learned from recent RaaS trends.

Source: The Hacker News

Technical Notes — INC operates as a RaaS platform; affiliates gain access to encryption tools, exfiltration modules, and “double‑extortion” kits. Attack vectors typically include phishing, credential theft, and exploitation of unpatched vulnerabilities. Data types compromised range from PII to proprietary business information.

📰 Original Source
https://thehackernews.com/2026/06/inc-ransomware-claims-830-victims-since.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →