
Joint Advisory on INC Ransom Cyber Threat Targeting Australia, New Zealand and Pacific

Summary

The Australian Cyber Security Centre (ACSC) has released a joint advisory with CERT Tonga and New Zealand's National Cyber Security Centre (NCSC) detailing the operations of INC Ransom, a Russian-based ransomware group that has targeted organisations in Australia and the Pacific since 2023. The advisory describes the group's tactics including spear-phishing, exploitation of unpatched internet-facing devices, and double-extortion techniques where stolen data is published to a leak site if ransom is not paid. The ACSC strongly recommends organisations and government ministries implement the outlined mitigations to reduce compromise risk.

“We strongly recommend that organisations and government ministries implement the mitigations outlined in the advisory, to reduce the risk of compromise by INC Ransom and to enhance detection of this threat.”

ACSC, verbatim from source

Why this matters

Organisations that have not recently audited their email security controls and vulnerability patching programs should treat this advisory as a trigger for immediate review. INC Ransom's reliance on spear-phishing and unpatched devices means that multi-factor authentication enforcement, email filtering rule updates, and prioritised patching of internet-facing systems are the highest-leverage mitigations referenced in the advisory.

AI-drafted from the source document, validated against GovPing's analyst note standards. For the primary regulatory language, read the source document.
Published by ACSC on cyber.gov.au. Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards.

About this source

GovPing monitors Australia ACSC Home for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.

What changed

The ACSC has published a joint advisory with CERT Tonga and NZ NCSC identifying INC Ransom as an active ransomware threat to networks in Australia, New Zealand, and Pacific Island states. The advisory details that INC Ransom uses spear-phishing campaigns, exploits unpatched internet-facing devices, and purchases valid credentials from initial access brokers to gain access to victim networks. After encryption, the group uses double-extortion tactics, publishing victim names and exfiltrated data to their leak site if ransom is not paid. Organisations should review the linked advisory and implement the recommended mitigations to reduce their risk of compromise and enhance threat detection.

Archived snapshot

Apr 23, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Today we have released a joint advisory with Kingdom of Tonga’s National Computer Emergency Response Team (CERT Tonga) and the New Zealand National Cyber Security Centre (NCSC) about the operations of ransomware group INC Ransom and their affiliate network, and the threat that their operations are posing to networks hosted in Australia and the Pacific.

INC Ransom is a Russian-based, financially motivated cybercriminal group, with members targeting organisations through spear-phishing campaigns, and exploiting unpatched internet-facing devices or using purchased valid account credentials from initial access brokers.

They use legitimate software to facilitate exfiltration of sensitive data. Following successful data encryption, INC Ransom leaves a ransom note stating demands and contact instructions. If targeted entities do not pay the requested ransom amount, INC Ransom engages in double-extortion tactics by publishing entity names and exfiltrated data to its dedicated leak site.

INC Ransom and their affiliate network have compromised organisations worldwide, including in Australia and the Pacific, since 2023.

We strongly recommend that organisations and government ministries implement the mitigations outlined in the advisory, to reduce the risk of compromise by INC Ransom and to enhance detection of this threat.

Read the full advisory.

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free.

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from ACSC.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

Agency: ACSC
Instrument: Guidance
Branch: Executive
Joint with: CERT Tonga, NZ NCSC
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Government agencies, Healthcare providers, Technology companies
Industry sector: 5112 Software & Technology
Activity scope: Ransomware threat response, Network security monitoring, Data exfiltration prevention
Geographic scope: Australia (AU)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Data Privacy, Consumer Protection, Criminal Justice
