INC Ransom: A Growing Threat to Australian and Pacific Networks
A joint advisory issued on March 6, 2026, by Australia’s cyber security agency, CERT Tonga, and the New Zealand National Cyber Security Centre (NCSC) highlights the escalating threat posed by the INC Ransom ransomware group and its affiliate network to organizations in Australia, New Zealand, Tonga, and the wider Pacific region. This financially motivated cybercriminal group has been actively targeting networks since 2023, employing sophisticated tactics to encrypt data and extort payments from victims.
Understanding INC Ransom’s Tactics
INC Ransom, believed to be based in Russia, gains initial access to networks through several routes: spear-phishing campaigns, exploitation of vulnerabilities in unpatched internet-facing devices, and valid account credentials purchased from initial access brokers [Australian Cyber Security Centre].
Once inside a network, INC Ransom utilizes legitimate software to facilitate the exfiltration of sensitive data. Following successful data encryption, a ransom note is left, detailing the demands and providing contact instructions. If the ransom is not paid, the group employs double-extortion tactics, publishing the names of targeted entities and the stolen data on their dedicated leak site [Australian Cyber Security Centre].
Recent Cyber Attacks and Trends
December 2025 saw a surge in cyberattacks globally, with INC Ransom being a prominent player. High-profile incidents impacted various sectors, including retail, telecommunications, education, government, and healthcare [Cyber Management Alliance]. Notably, the Pierce County Library in the US was a victim of an INC Ransom attack [Cyber Management Alliance]. The UK’s NCSC Proactive Notifications program also issued warnings regarding INC Ransom’s activities [Cyber Management Alliance].
Mitigation and Response
Authorities strongly recommend that organizations and government ministries implement specific mitigations to reduce the risk of compromise and enhance detection capabilities. CERT Tonga has issued specific guidance for organizations [CERT Tonga].
Rising OT Cyber Risk
Beyond general ransomware threats, organizations are facing increasing risks to Operational Technology (OT) systems. Experts emphasize the importance of network intrusion detection, east-west segmentation, and virtual patching for legacy systems [HealthcareInfoSecurity]. Prioritizing mission-critical assets and strengthening cross-sector threat intelligence sharing are also crucial for protecting critical infrastructure and manufacturing ecosystems [HealthcareInfoSecurity].
As Manoj Tiwary, CIO of Subaru Canada Inc., stated, the focus should be on operational resilience and rapid recovery in the event of an incident [HealthcareInfoSecurity].
Looking Ahead
The threat landscape continues to evolve, with ransomware groups like INC Ransom becoming increasingly sophisticated and aggressive. Proactive cybersecurity measures, robust incident response planning, and ongoing threat intelligence sharing are essential for organizations to protect themselves from these evolving threats.