Cybercriminal puts INC Ransom source code up for sale

A cybercriminal who has assumed the name "salfetka" is purportedly selling the source code for the INC Ransom ransomware-as-a-service operation, BleepingComputer reports.

The sale was being advertised on the Exploit and XSS hacking forums for $300,000 and included both Windows and Linux/ESXi versions, with the seller restricting buyers to three. The legitimacy of the sale is bolstered by technical details and the inclusion of both old and new INC Ransom URLs in "salfetka's" posts. However, there are no official announcements on INC's websites about the source code sale.

The new extortion site of INC Ransom lists 64 victims, suggesting a possible rebranding or split within the operation, and resembles the design of another RaaS operation, Hunters International.

The private sale of this ransomware code, especially the Linux/ESXi version, poses significant risks as it could empower other threat actors and complicate efforts to combat ransomware attacks. INC Ransom, which initially launched in August 2023, has targeted major entities including the U.S. division of Xerox Business Solutions, Yamaha Motor Philippines, and Scotland's National Health Service.