Ransomware Group: INCRANSOM

VICTIM NAME: nboat[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak published on July 22, 2025, targets the domain nboat.com, related to the Marine insurance industry. The site is associated with a well-established organization in the United States that provides boating memberships and marine insurance services, with a history dating back to 1984. The leak indicates that the attackers have obtained and potentially compromised sensitive data from this victim, which could include internal documents or confidential information. The incident was discovered and flagged on the ransomware group’s platform, suggesting that the threat actors have claimed responsibility for the breach. The published screenshot shows visual evidence of data exfiltration or internal system access, though specific details of the compromised data are not disclosed publicly. Download links or leaked files may be available or referenced on the leak page, but explicit URLs are not provided in the summary.

The targeted organization operates with approximately 27 employees and generates annual revenue of about $9.6 million. Its main activities revolve around marine insurance, towing memberships, and safety products. The leak is part of a broader incursion group identified as “incransom,” which suggests ransomware was involved in the attack. No personal identifiers or PII from customers or employees are explicitly mentioned or shown in the leak overview. The incident’s timing and the leak’s contents suggest a significant breach potentially impacting confidential customer and operational data. The included screenshot points to internal system access, but the exact nature of the compromised information remains unspecified, emphasizing the importance of further investigation for affected parties.