Ransomware: incransom claims threadinnovations (CA) — Technology

A new ransomware threat group, operating under the name "incransom," has been identified through claims published on the ransomware.live monitoring platform on May 22, 2026. This group appears to be targeting organizations within the technology sector, specifically those subject to the EU Cyber Resilience Act (CRA). The publication indicates that incransom is actively claiming responsibility for attacks, though the full scope of their methods and targets is still emerging. This development signals an increased risk for technology manufacturers, software developers, and digital product providers who must comply with the CRA’s cybersecurity requirements.

Compliance teams in the technology sector, particularly those responsible for products with digital elements, are directly affected. The CRA mandates that such organizations implement robust security measures throughout a product’s lifecycle, including vulnerability reporting and incident response. The emergence of incransom underscores the need for heightened vigilance, as failure to meet CRA obligations could lead to regulatory penalties and reputational damage.

Compliance teams should immediately review their incident response plans to ensure they align with CRA notification timelines and data breach reporting obligations. They should also assess their supply chain for potential exposure, as ransomware often propagates through third-party components. Finally, teams should monitor ransomware.live and other threat intelligence sources for updates on incransom’s tactics, and consider conducting a tabletop exercise to test readiness against a targeted ransomware attack.