Ransomware Group: INCRANSOM

VICTIM NAME: WELLSLANDSCAPING[.]COM

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 6, 2025, a leak page published by the ransomware group incransom references WELLSLANDSCAPING[.]COM as a victim. The US-based company operates in the consumer services sector and provides lawn and garden care, onsite consultation, landscape design, installation, and maintenance. The page presents a breach disclosure consistent with ransomware data-leak sites, indicating that data exfiltration occurred and noting that a claim URL is available for the victim to respond. The post lists a substantial data footprint—approximately 14 GB—and references 21 image attachments, described in the metadata as screenshots or internal documents. Several embedded images bear country flag icons, suggesting material tied to multiple locales. The page’s body excerpt displays only the domain name WELLSLANDSCAPING[.]COM. There is no explicit ransom amount disclosed on the page, and there is no separate compromise date provided in the dataset. The post date is October 6, 2025.

According to the metadata, the page includes a business profile noting about 25 employees and roughly $5 million in annual revenue, portraying Wells Landscaping as a licensed and insured professional services firm. A claim URL is indicated on the leak page, consistent with ransomware leakage patterns, but the public excerpt does not reveal a ransom figure. The 21 attached images appear to be internal documents or screenshots, with country flag icons among the visuals implying material connected to multiple locales. PII such as phone numbers or emails is redacted on the leak page, and no direct contact details are shown in the excerpt. The leak is attributed to the incransom group, and the data volume (~14 GB) underscores a sizeable data exfiltration, though no explicit encryption status is stated in the available excerpt.