INC ransomware encryptors rewritten in Rust
Malware Activity
Summary
Hide ▲
Show ▼
INC's Windows and Linux/ESXi encryptors were rewritten in Rust, improving cross-platform development and making reverse engineering harder. The malware line also gained updated credential-dumping support aimed at newer Veeam backup deployments. The changes strengthen the ransomware toolset used in 2026 attacks and raise the cost of analysis and defense.
Related Happenings
INC ransomware group’s RaaS expansion and victim growth in 2026
Threat Actor Meta
H score45
First: 18.06.2026 17:12
Last: 18.06.2026 17:12
Sources 1
How related:
Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023.
About this happening:
**INC** has grown from a **RaaS** startup into one of **2026**’s most prolific ransomware groups, with **830+ victims since August 2023**. The expansion followed affiliate migrati...
INC ransomware group’s RaaS expansion and victim growth in 2026
Threat Actor MetaHow related: Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023.
About this happening: **INC** has grown from a **RaaS** startup into one of **2026**’s most prolific ransomware groups, with **830+ victims since August 2023**. The expansion followed affiliate migrati...
Medusa ransomware post-compromise deployment
Malware Activity
H score48
First: 07.04.2026 09:35
Last: 07.04.2026 09:35
Sources 1
About this happening:
**Medusa ransomware** is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...
Medusa ransomware post-compromise deployment
Malware ActivityAbout this happening: **Medusa ransomware** is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...
Storm-1175 high-velocity exploit campaign
Campaign
H score59
First: 06.04.2026 19:56
Last: 06.04.2026 19:56
Sources 1
About this happening:
**Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
Storm-1175 high-velocity exploit campaign
CampaignAbout this happening: **Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
Beast ransomware group’s RaaS model and shared TTPs exposed through an open server
Threat Actor Meta
H score37
First: 20.03.2026 18:31
Last: 20.03.2026 18:31
Sources 1
About this happening:
An exposed **Beast ransomware group** server now shows its **RaaS operating model** and reusable toolset, complicating attribution across ransomware crews. The recovered materials...
Beast ransomware group’s RaaS model and shared TTPs exposed through an open server
Threat Actor MetaAbout this happening: An exposed **Beast ransomware group** server now shows its **RaaS operating model** and reusable toolset, complicating attribution across ransomware crews. The recovered materials...
Reynolds ransomware BYOVD defense-evasion activity
Malware Activity
H score31
First: 10.02.2026 16:36
Last: 10.02.2026 16:36
Sources 1
About this happening:
The **Reynolds** ransomware family now matters because it bundles a **vulnerable NsecSoft NSecKrnl driver** inside the payload to disable **EDR** and terminate security processes...
Reynolds ransomware BYOVD defense-evasion activity
Malware ActivityAbout this happening: The **Reynolds** ransomware family now matters because it bundles a **vulnerable NsecSoft NSecKrnl driver** inside the payload to disable **EDR** and terminate security processes...
Timeline
-
18.06.2026 17:12 2 articles · 2h ago
INC ransomware encryptors rewritten in Rust
Technical Analysis UpdateINC ransomware encryptors for Windows and Linux/ESXi were rewritten in Rust to support easier cross-platform development and better resist reverse engineering. The updated payload set also includes a credential dumper that can target newer Veeam backup deployments using salted DPAPI credential encryption.
Show sources
- INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023 — thehackernews.com — 18.06.2026 17:12
- INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023 — thehackernews.com — 18.06.2026 17:12