A ransomware group with ties to Russia, known as INC Ransom, claims it has stolen 260GB of data from the municipal systems of Thomasville, a small city in North Carolina with a population of about 28,000.
On July 1st, the group added Thomasville’s name to its dark web leak site, a tactic commonly used by cybercriminals to pressure victims into paying a ransom. To prove their claims, INC Ransom published sample files including Excel sheets with financial records, folders detailing city operations, and urban planning documents.
Active since July 2023, INC Ransom has already claimed over 230 victims, according to Cybernews' dark web tracker RansomLooker. The group follows a multi-extortion model, stealing and threatening to leak data in addition to encrypting systems. Their ransom notes often include a strange promise to help secure the victim’s network in exchange for payment.
INC Ransom targets a wide range of organizations without discrimination. Its list of past victims includes hospitals, schools, local governments, and major corporations. High-profile cases involve Stark AeroSpace, the San Francisco Ballet, the City of Leicester in the UK, NHS Dumfries and Galloway in Scotland, and Xerox. Ahold Delhaize, a global retail giant valued at $99 billion, has also appeared on their leak site.
More recently, the group even claimed responsibility for breaching a cemetery, adding The Catholic Cemeteries of the Diocese of Hamilton in Canada to its victim list.
As of now, Thomasville officials have not publicly confirmed the breach or commented on the situation.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
