Inc. A security breach presumed to be in the form of ransomware has occurred, and
we would like to confirm the situation and provide a warning as follows.

Inc ransomware

The ransomware is called Inc and appears to be changing all files with the file name and extension. INC.

How it works

file version

[Figure 1 Ransomware executable file compiler information]

[Figure 2 File information in window properties]

Ransomware operation characteristics

• It was written in C++ and is encrypted after changing the desktop image by changing the register value.

  
  [Figure 3 Dynamic code for creating images in temporary files and changing registry desktop values]

  
  [Figure 4 Image saved in temporary folder]

  
  [Figure 5 Registry with changed wallpaper (WallPaper) settings]

  
  [Figure 6 Among the folders being searched, folders that are exceptions to the target]

Infection results

The information file is created as <INC-README.txt> in each path, and when encryption is performed, the files are changed to <filename.extension.INC> and the desktop is changed upon completion.

[Figure 7 Infection results]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.

[Figure 9 Block message]

Watch the Inc blocking video