GOLD IONIC
Actor Type | Criminal Group |
---|---|
Directly Linked Intrusion Sets | INC Ransomware Group |
GOLD IONIC is the name Secureworks assigns to the INC Ransom Group.
According to researchers at Secureworks, GOLD IONIC emerged in August 2023, employing a double extortion method by exfiltrating data before encrypting systems and threatening to leak the data.
The group operates as a closed group, not using affiliates in a ransomware-as-a-service model, and targets a broad range of sectors and geographies.
Most victims are U.S.-based, with some also observed in the UK. The lack of victims from CIS countries suggests the group may operate out of Russia or a CIS country.
GOLD IONIC deploys INC ransomware, often by exploiting vulnerabilities such as 'Citrix Bleed'. Organizations are advised to follow CISA and NCSC guidance to mitigate ransomware risks.
GOLD IONIC Threat Reports
GOLD IONIC DEPLOYS INC RANSOMWARE
This blog post from Secureworks describes the intrusion set they track as GOLD IONIC, also known as INC Ransom Group. The post outlines GOLD IONIC ...