INC Ransom Claims Saudi Arabia’s Tatweer Buildings Company Data Breach, Publishes Samples 

• INC Ransom announced the alleged breach of a government limited liability company within the Kingdom of Saudi Arabia.
• TBC is wholly owned by the Public Investment Fund, and the threat actors claim to have stolen sensitive company documents.
• Some samples have been released by the group and seem to include internal documents and operational information.

The INC Ransom hacking group has claimed responsibility for a significant ransomware attack targeting Saudi Arabia’s Tatweer Buildings Company, a key government entity overseeing infrastructure projects in the Kingdom. 

Early indications show that the hackers have published samples of stolen data to substantiate their claims, adding to the growing list of high-profile ransomware incidents targeting critical organizations worldwide.  

Though full details remain under investigation, the INC Ransom group alleges it accessed and exfiltrated sensitive information from Tatweer Buildings Company’s systems. 

Reports suggest that data samples already released by the group include internal documents and potentially critical operational information. 

This incident underscores the evolving tactics employed by ransomware groups, which increasingly apply double-extortion methods—demanding ransom payments not only to unlock encrypted systems but also to prevent the public release of stolen data.  

Tatweer Buildings Company has yet to issue a comprehensive statement on the claimed breach’s scope. If validated, this attack could expose confidential operational strategies.

Saudi Arabia, as a regional leader with ongoing megaprojects under Vision 2030, may be seen as offering attractive targets for cybercriminals motivated by financial or strategic gains.  

Organizations in the region are increasingly navigating threats from ransomware groups like INC Ransom, which are adapting their methods to exploit vulnerabilities across both technical systems and human behavior.