Exclusive: Aussie data not compromised as part of cyber attack on Distinctive Systems

The INC Ransom hacking group listed the company as a victim on its darknet leak site on 29 January, alongside several internal documents and contracts as proof of hack. The hackers also claimed – in error – that the company was Australian, a claim amplified by many open-source ransomware trackers.

Distinctive Systems is investigating the incident.

“We are aware of, and are investigating, a current security incident which we first discovered on 19 January 2026. We immediately engaged external IT security experts, and we are confident that our systems are now secure,” a Distinctive Systems spokesperson told Cyber Daily.

“We have made all notifications relating to the incident, which we understand to be appropriate at this stage. The technical forensic investigations to date have indicated that no personal data relating to our services carried out in Australia has been impacted.”

The spokesperson said Distinctive Systems will continue to take all appropriate steps to secure its data.

Who is INC Ransom?

VIEW ALL

INC Ransom was first observed in August 2023 and has claimed 649 victims since then, making it one of the top five most active ransomware groups at the time of writing. It is a ransomware-as-a-service operation, offering its ransomware expertise to any hacker in return for a cut of any profits.

The group uses spear-phishing tactics to gain initial access and double extortion to pressure its victims – this means it exfiltrates data from a victim’s network before encrypting it in place.

The victim must then pay a ransom not only to recover the data encrypted on its own systems but also to ensure that it is not published to the darknet or sold to another threat actor.

INC Ransom has claimed a total of 17 Australian victims over the years, with the most recent being West Australian mining company Avenira, which was added to INC Ransom’s leak site in late December 2025.