ACSC, NCSC, and CERT Tonga warn of rising INC Ransom attacks targeting Australia, New Zealand, and Pacific networks via affiliate ransomware campaigns.

Cyble's publication is a resource for cybersecurity professionals and businesses seeking to stay ahead of evolving cyber threats. Through detailed analysis of threat intelligence, cybersecurity trends, and real-world cyber incidents, Cyble provides  insights into emerging threats, cyber attack tactics, and risk mitigation strategies. Readers can learn about threat detection methodologies, vulnerability assessment techniques, incident response protocols, and compliance standards to enhance their cybersecurity posture. Additionally, Cyble offers expert commentary, best practices, and actionable recommendations to help organizations protect their digital assets, safeguard sensitive data, and maintain business continuity in the face of cyber threats.

Cyble

A joint advisory from ACSC, NCSC, and CERT Tonga warns of escalating INC Ransom ransomware attacks targeting organizations in Australia, New Zealand, and Pacific Island states. Active since mid-2023 and believed to be Russia-based, INC Ransom operates as a Ransomware-as-a-Service platform with a distributed affiliate model. Between July 2024 and December 2025, ACSC tracked 11 incidents primarily hitting healthcare and professional services. Notable incidents include a June 2025 attack on Tonga's Ministry of Health and a May 2025 breach of a New Zealand health organization. Affiliates gain access via spear-phishing, unpatched systems, and purchased credentials, then use tools like rclone, 7-Zip, and WinRAR for data exfiltration before deploying encryption. The advisory recommends backups, MFA, privileged access management, network traffic restriction, and vulnerability patching as key defenses.

INC Ransom Threat Targets Australia And Pacific Networks

The INC Ransom Affiliate Model and the RaaS Ecosystem

Health Infrastructure Disruption in Tonga

Defensive Measures Recommended by ACSC, NCSC, and CERT Tonga

Growing Regional Collaboration Against the INC Ransom