Ransomware Group: INCRANSOM

VICTIM NAME: cityofgardendale[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

This dark web leak pertains to the city of Gardendale in the United States, a public sector organization providing fire, medical, and technical services to a community covering approximately 50 square miles. The attack was discovered on July 4, 2025, at 18:48 local time, and the incident involved the unauthorized exfiltration of approximately 45 gigabytes of data. The organization employs around 91 staff members, including a full-time Fire Chief, Fire Marshal, and eighteen paramedics. They operate from a main fire station and are planning to expand with additional satellite stations. The leaked information includes operational details, contact numbers, and general organizational descriptions, all of which could impact public safety and operational security. The breach appears to involve the use of an infostealer malware, although specific internal system details or compromised accounts are not provided. A screenshot of internal documents has been made available for review. The leak underscores the importance of cybersecurity measures to protect critical public services from targeted ransomware attacks.

The publicly accessible data leak includes a URL link to the affected organization’s website and a claim link on the dark web, along with a visual screenshot illustrating some internal data. The leak exposes the department’s operational scope, including budget and staffing levels, as well as contact information, but no personally identifiable information has been disclosed. The incident remains under investigation, with authorities monitoring the threat group responsible, identified as “incransom.” This event highlights the growing threat of ransomware targeting government agencies, emphasizing the need for enhanced cybersecurity protocols. The leak poses potential risks to operational security, public safety, and organizational reputation, underlining the necessity for continuous data security improvements in public sector entities.