IMNCrew is a financially motivated ransomware and extortion group first observed in late March 2025. The group initially focused solely on data exfiltration and extortion, but later evolved to also deploy encryption payloads, using the .imn file extension for encrypted data. They launched their dedicated leak site around April 15, 2025, to publish exfiltrated victim data. Unlike many other emerging ransomware groups, IMNCrew has no confirmed associations with established operations. Their operational style is characterized by being polite and not overly aggressive during ransom negotiations. The group primarily targets small to medium-sized businesses across various sectors.