Ransomware Group: INCRANSOM

VICTIM NAME: ccrcda[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a public sector organization operating in the United States, specifically the Catholic Charities of the Diocese of Albany. The organization is a large, private social service agency serving over 89,000 individuals annually across fourteen counties. Its mission focuses on addressing basic human needs with an emphasis on aiding vulnerable populations, regardless of race, creed, or lifestyle. The leak indicates a significant data compromise involving approximately 200 gigabytes of sensitive information. The exposure was discovered on May 16, 2025, and the page includes a screenshot of internal documents, which may contain organizational details and contact information. It appears that the attacker has claimed to have compromised information related to the organization’s operations, though fully detailed data is not publicly disclosed.

The threat actor has listed an infostealer named RedLine among the malware used in the attack, and they have uploaded a screenshot of leaked data or internal documentation. The leak could potentially include confidential organizational, operational, and contact details, as suggested by the inclusion of employee names and phone numbers. Despite the breach, no personally identifiable or sensitive information such as PII or financial data is explicitly highlighted. The attackers seem to emphasize the volume of data compromised and provide a link to their leak page for further verification. The incident underscores the importance of cybersecurity measures for organizations handling sensitive community data, especially in the public sector field.