Ransomware Group: INCRANSOM

VICTIM NAME: npfy[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an organization dedicated to youth mentorship and community development, based in Phoenix, Arizona. The organization operates within the education sector, aiming to support young people through comprehensive programs that promote holistic growth and educational achievement. The leak indicates that approximately 70 gigabytes of data were compromised, including organizational information, possibly related to operational resources and internal data. The attack was publicly disclosed on May 16, 2025, and the victims’ website has been archived with a screenshot showing internal content. The leak could potentially expose confidential organizational information, although no specific PII was publicly listed, and the content appears primarily related to organizational activities and resources. The threat actors may have gained access to sensitive data such as organizational files, which could include internal communications or operational documents.

The leak page features a screenshot of internal documents and a download link indicating that a substantial volume of data—70GB—has been exfiltrated. The compromised data may impact the organization’s operations, potentially exposing internal communications, administrative files, and other sensitive information. The targeted organization has a revenue of approximately $5 million and employs 33 staff members. The organization’s website, npfy.org, remains accessible but is now associated with the ransomware incident. The attack highlights the importance of cybersecurity measures in protecting organizations involved in community service and educational support. No explicit personal or sensitive individual data was evident in the leak summary, but the incident underscores the risks facing organizations in the digital age, especially regarding internal data security and operational confidentiality.