The INC ransomware group has allegedly added four new victims to its data leak site, spanning across North and South America. The targeted organizations operate in diverse sectors, including manufacturing, professional services, and automotive components. The group has published proof packs for each victim, suggesting they have exfiltrated a significant amount of sensitive data.
The list of allegedly compromised companies includes:
- Manesa 🇲🇽: A manufacturing company based in Mexico, specializing in stamped metal products. The attackers claim to have leaked 88.8 GB of data, including financial, legal, project, and production process documents.
- BDO Perú 🇵🇪: The Peruvian arm of the global professional services network providing audit, tax, and advisory services. The breach allegedly exposed personal data of department heads, client information, accounting data, and audit-related materials for over 500 companies.
- CPK Interior Products Inc 🇨🇦: A Canadian manufacturer of interior automotive components and products. Leaked documents appear to include sensitive corporate data such as confidentiality agreements.
- Kafka Conveyors & Equipment Inc 🇺🇸: A US-based company that designs and builds custom conveyor systems for various industries. The data leak allegedly includes internal HR documents like termination notices and proprietary technical schematics.
This series of attacks highlights the indiscriminate nature of ransomware operations, targeting a wide array of industries and geographical locations. The exfiltrated data, ranging from personal identification and client financial records to internal corporate documents and proprietary designs, poses a severe risk to the affected companies, their employees, and their clients. The leak of such confidential information could lead to financial loss, reputational damage, and potential regulatory penalties for the victims.
