Ransomware Group: INCRANSOM

VICTIM NAME: Mount Rogers Community Services

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to Mount Rogers Community Services, an organization based in the United States that provides mental health, developmental disability, and substance use services across several counties and the city of Galax. The attack was publicly disclosed on June 10, 2025, indicating a compromise of sensitive organizational data. The leak includes a published claim URL on the dark web, which typically contains details about the breach and the data involved. Visual evidence such as a screenshot has been shared, showing internal documents or related information, although the specifics are not disclosed. This incident highlights the cybersecurity risks faced by public sector entities managing critical health and social services, emphasizing the importance of robust data protection measures. The leak could potentially impact the confidentiality of client and organizational information, underscoring the ongoing threat to healthcare and community service providers from malicious cyber actors.

The compromised data likely includes internal records or documents relevant to the organization’s operations. The leak is associated with the group known as incransom, which is known for targeting public sector entities. The victim’s vulnerability was publicly acknowledged, with the incident documented on a specialized ransomware tracking platform. Authorities and cybersecurity professionals view such leaks as serious threats, especially when they involve organizations that serve vulnerable populations. The public disclosure aims to raise awareness about the incident, urging protective measures and increased vigilance among similar organizations. No personally identifiable or sensitive individual data are detailed in the available information, but the potential exposure of organizational data poses significant operational risks and reputational damage.