INC Ransomware Gang's Operational Security Failure Exposes Stolen Data from 12 U.S. Organizations

An operational security failure by the INC ransomware gang allowed researchers to recover stolen data from twelve American organizations. The error involved the incorrect configuration of an Amazon S3 server used to store exfiltrated data, leaving the bucket publicly accessible. Researchers were able to download approximately 3 TB of data belonging to the victims before the gang fixed the flaw. The INC ransomware, active since 2023, employs double extortion by encrypting systems and threatening to publish the stolen data.