12:00pm, 6 March 2026
TLP Rating:
INC Ransom affiliate model enabling targeting of critical networks
The National Cyber Security Centre (NCSC) along with international partners has issued a joint advisory that:
- highlights the activity of ransomware group INC Ransom and their affiliate network, and the threat their operations currently pose to networks hosted in Australia, New Zealand, and Pacific Island states.
- encourages network defenders to read and apply the mitigations described in this advisory. The advisory is intended to be understood by both general and technical users.
Partners include:
- Australian Cyber Security Centre (ACSC)
- CERT Tonga
What's happening
Systems affected
INC Ransom operates a Ransomware-as-a-Service (RaaS) operation. INC Ransom affiliates have compromised organisations worldwide, including Australia, New Zealand and the Pacific Island states since 2023.
What this means
The authoring agencies recommend organisations and government ministries implement the controls within this advisory to reduce the risk of compromise by INC Ransom and to enhance detection of this threat.
What to do
Mitigation
Organisations should maintain regular and tested backups of data, restrict network traffic to only what is required for business operations, harden remoted access services, restrict remote management tools, implement multi-factor authentication, control privileged access and maintain robust vulnerability management.
More information
Download the advisory. [PDF, 679 KB]
If you require more information or further support, submit a report on our website:
Report an incident External Lin External Link .
If you need assistance using the tool, call us on 0800 114 115. Calling us is free within New Zealand. We’re open 7am to 7pm, Monday to Friday, and we’re closed on public holidays.
How helpful was this page?
This site is protected by reCAPTCHA and the Google Privacy Policy External Link and Terms of Service External Link apply.