Ransomware Group: INCRANSOM

VICTIM NAME: coruzcitywndata+

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to a victim identified as “coruzcitywndata+”. The attack was discovered on July 1, 2025, and the compromise date is also listed as the same day, indicating the incident occurred or was detected on that date. The victim appears to be associated with a data breach involving approximately 250 gigabytes of sensitive information, including financial data relevant to local services in Thomasville, North Carolina, United States. The city has historical ties to the furniture industry, and the data leak may involve municipal or service-related information. The page includes a screenshot of some internal content, emphasizing the leak’s nature.

Additional details suggest the attackers are part of a group named “incransom.” The leaked data and information about the breach are accessible via a specific claim URL, which is hosted on the dark web and provides further insight into the extent of the compromise. The data potentially includes financial information and service details relevant to the city, though no personally identifiable information (PII) about individuals is publicly disclosed. The leak appears to target municipal or service provider data, possibly aimed at causing disruption or extortion. The inclusion of screenshots underscores the seriousness of the breach, though explicit contents are not described in detail here.