Australia: Australian Cyber Security Centre, National Computer Emergency Response Team of Tonga, and New Zealand National Cyber Security Centre issued joint advisory on INC Ransom

On 6 March 2026, the Australian Cyber Security Centre, the National Computer Emergency Response Team of Tonga, and the New Zealand National Cyber Security Centre issued a joint advisory on the activities of the ransomware group INC Ransom and its affiliate network affecting organisations in Australia, New Zealand and Pacific island states. The advisory states that INC Ransom operates a ransomware-as-a-service model in which affiliated actors gain access to victim networks through compromised credentials, phishing campaigns or exploitation of vulnerabilities in internet-facing systems. The group uses double-extortion tactics by stealing sensitive data before encrypting systems and threatening to publish the data on a leak site if a ransom is not paid. The advisory notes incidents affecting organisations in several sectors, including healthcare entities in Australia, Tonga and New Zealand. It also provides mitigation guidance for organisations and government entities, including maintaining secure backups, implementing multi-factor authentication, restricting privileged access, strengthening vulnerability management and improving monitoring and incident detection.