Ransomware Group: INCRANSOM

VICTIM NAME: trocaire[.]edu

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Trocaire College, a private educational institution founded in 1958 and located in Buffalo, New York. The institution primarily offers healthcare, business, hospitality, and technology programs, catering to a diverse student body with a focus on personal development and community service. According to the leak, a substantial amount of data, approximately 310 gigabytes, has been compromised, potentially including sensitive information related to the college’s operations and constituents. The attack was publicly disclosed on April 15, 2025, and the cybersecurity group claims responsibility, indicating a targeted breach aimed at extracting valuable information from the institution’s systems.

The leak demonstrates the presence of multiple information-stealing tools such as RedLine, Raccoon, Lumma, and others, suggesting that cybercriminals used sophisticated malware to exfiltrate data. The compromised data potentially includes details about employees, third-party partners, and internal systems. The affected organization has around 217 employees and an annual revenue of approximately $24.6 million, placing it as a significant entity within the education sector. Additionally, a screenshot of internal documents or system interfaces is included in the leak, further emphasizing the extent of the breach. The leak’s public availability and the detailed dissemination of the information indicate a deliberate effort by cybercriminals to disrupt the institution’s operations and leverage the stolen data for extortion or other malicious activities.