INC ransomware stolen-data exposure from 12 U.S. organizations
Data Leak
Summary
Hide ▲
Show ▼
Researchers recovered encrypted victim data stolen by INC ransomware, exposing files from 12 unrelated U.S. organizations and showing attacker storage still retained exfiltrated material.
Related Happenings
Grubhub Salesforce and Zendesk data extortion leak
Data Leak
First: 15.01.2026 23:38
Last: 15.01.2026 23:38
Sources 1
About this happening:
**Grubhub** is facing a **data leak extortion** attempt after stolen **Salesforce** and **Zendesk** data were tied to a **February 2025 breach** and a more recent compromise. The...
Grubhub Salesforce and Zendesk data extortion leak
Data LeakAbout this happening: **Grubhub** is facing a **data leak extortion** attempt after stolen **Salesforce** and **Zendesk** data were tied to a **February 2025 breach** and a more recent compromise. The...
ShinyHunters Salesforce extortion campaign against global companies in 2025
Campaign
First: 15.01.2026 17:45
Last: 15.01.2026 17:45
Sources 1
About this happening:
The **ShinyHunters** campaign now includes a **Qantas** breach disclosed after the airline found a **June 30, 2025** intrusion in a **third-party platform** used by one customer s...
ShinyHunters Salesforce extortion campaign against global companies in 2025
CampaignAbout this happening: The **ShinyHunters** campaign now includes a **Qantas** breach disclosed after the airline found a **June 30, 2025** intrusion in a **third-party platform** used by one customer s...
BreachForums member database leaked online
Data Leak
First: 10.01.2026 20:17
Last: 10.01.2026 20:17
Sources 1
About this happening:
The **BreachForums** member database leaked online, exposing **323,988 accounts** and some **public IP addresses** that could aid attribution. A **7Zip archive** carried the forum...
BreachForums member database leaked online
Data LeakAbout this happening: The **BreachForums** member database leaked online, exposing **323,988 accounts** and some **public IP addresses** that could aid attribution. A **7Zip archive** carried the forum...
Timeline
-
22.01.2026 18:21 2 articles · 4mo ago
Cyber Centaurs recovers INC-stolen data from 12 U.S. organizations
Technical Analysis UpdateCyber Centaurs disclosed that its forensic work on an INC ransomware case recovered encrypted victim data from attacker-controlled storage, with controlled enumeration confirming data from 12 unrelated U.S. organizations in healthcare, manufacturing, technology, and services. The analysis traced Restic-related artifacts, renamed binaries such as winupdate.exe, PowerShell scripts including new.ps1, and hardcoded repository variables, then decrypted preserved backups, validated ownership with law enforcement, and produced YARA and Sigma detections for Restic or renamed binaries.
Show sources
- INC ransomware opsec fail allowed data recovery for 12 US orgs — www.bleepingcomputer.com — 22.01.2026 18:21
- INC ransomware opsec fail allowed data recovery for 12 US orgs — www.bleepingcomputer.com — 22.01.2026 18:21