The ransomware incident involving finanzconsult-immobilien.de, attributed to the threat actor incransom, appears to be part of a sophisticated operation combining multiple facets such as location-specific targeting, architecture, and profitability, resulting in an estimated revenue of $15 million from the compromised 20GB of data. This attack underscores the threat actor's strategic approach, leveraging industry expertise and market insights to maximize financial gain from their cyber intrusion.
Incident Details
- Victim: finanzconsult-immobilien.de
- Country: DE
- Actor: incransom
- Source: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68277673ba68908013e8ea67
- Discovered: 2025-05-16 17:53:37.293884
- Published: 2025-05-16 10:31:00.000000
Information
- Incransom actor cooperatively combines location, concept, architecture, and profitability into a complete project package.
- Successful project development involves numerous surveys and decision-making processes related to land plots or their alternative uses.
- In residential areas, project development is not only about finding suitable plots within applicable building regulations but also about targeted, needs-based planning.
- This process relies on a well-established network of information providers, architects, and lawyers.
- The company has nearly 30 years of site experience in Dresden, with a large portfolio of completed projects, demonstrating extensive expertise and diverse approaches.
- The ransomware attack generated approximately $15 million in revenue.
- Data involved in the attack amounts to 20GB.
- Contact phone numbers: 0221 / 94 20 94 30 and 0351 / 84 07 80.

Disclaimer: This post is based on public claims made by the ransomware group "incransom". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.