Ransomware Group: INCRANSOM

VICTIM NAME: Afpa

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group has announced a data breach involving the Afpa Group, a prominent organization specializing in vocational and adult education in France. The attack was discovered on August 6, 2025, and the group claims to have accessed and extracted approximately 5 terabytes of sensitive and personal data. This incident has been publicly disclosed through an online leak page, which indicates that a significant volume of confidential information has potentially been compromised, including details about employees and operational data.

The leak page provides visual evidence in the form of a screenshot, which appears to display internal documents or system interfaces related to the victim organization. The attack appears to be part of a broader campaign by the hacking group known as “incransom,” which specializes in targeted data breaches and extortion. The group has stated intentions to publish the stolen data on their blog, risking exposure of individuals’ personal data and organizational information. The breach underscores vulnerabilities in the data security of educational institutions, particularly those managing large quantities of personal and professional data.

The incident highlights the presence of multiple infostealers such as Raccoon and RedLine, which are likely used by the attackers to extract information from systems. The group reports having 5,201 users associated with their operations and claims to have targeted or accessed data related to 77 third-party entities. The attack has raised concerns about data privacy, cybersecurity vulnerabilities, and potential misuse of the stolen information in malicious campaigns. While specific details about the data contents are not provided publicly, the breach represents a serious threat to the privacy and security of the affected organization and its stakeholders.