Ransomware Group: INCRANSOM

VICTIM NAME: k12albemarle[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page details a significant data breach involving the educational organization operating the domain k12albemarle.org based in the United States. The incident was publicly disclosed on July 12, 2025, with the attack date recorded as July 11, 2025. The breach affected the organization’s internal systems, which employ over 1,300 staff members. The compromised data includes sensitive information related to employees, students, and third-party vendors. The attackers obtained a substantial volume of data, estimated at 229 gigabytes, potentially including internal documents, records, and other operational information. The leak page features a screenshot of some internal content, indicating the seriousness of the breach and the scope of information exposed.

The victim is a prominent educational institution dedicated to high-quality teaching and inclusive learning. The organization emphasizes efforts to eliminate biases based on race, class, or gender and to build strong relationships with families and communities to support student success. The attack appears to target the organization’s infrastructure, potentially exposing internal communications, operational details, and shared data about their mission and values. Authorities have noted the presence of multiple infostealers, including RedLine, Lumma, and other malware, which were used during the intrusion. The threat actors, associated with the ‘incransom’ group, have shared this information publicly, along with details about the scope of data accessed.

The leak page also mentions that this incident involves multiple third-party entities and indicates ongoing data exfiltration activities. No specific personal details of students or staff are explicitly disclosed, though the volume of leaked data suggests a significant risk of sensitive information being compromised. The publicly available information underscores the importance of immediate investigation and remediation efforts by cybersecurity and organizational teams to mitigate potential misuse of the stolen data. The attack raises awareness of the vulnerability of educational systems to targeted ransomware campaigns, emphasizing the need for strengthened cybersecurity measures.