Ransomware Group: INCRANSOM

VICTIM NAME: mycpaconnection[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 16, 2025, a leak page published by the group incransom concerns the victim identified by the domain mycpaconnection[.]com. The victim is described as operating in the Financial Services sector with an accounting services profile, listing 25 employees and approximately $5 million in annual revenue. The post presents the incident as a data-leak rather than a full encryption event and states that roughly 136 GB of data were exfiltrated. The page includes 15 image attachments that appear to be screenshots or internal documents, hosted via Tor (.onion) links, with the actual addresses not shown in this summary. A tag reading SENSITIVE DATA_$ is present, underscoring the sensitive nature of the material. A claim URL is provided on the page, but there are no publicly downloadable files listed. The timestamp attached to the leak is 2025-08-16 23:48:00.000000, which should be treated as the post date since no explicit compromise date is provided. The body excerpt reiterates the victim domain in uppercase.

PII such as phone numbers present in the source data are redacted, and the page emphasizes a data-leak scenario with a substantial data volume but does not disclose a ransom amount in the visible content. The presence of 15 images plus a claim URL aligns with common ransomware-leak tactics that use image evidence to illustrate data scope and to prompt negotiation or payment, without delivering a decryptor. No downloads are shown on the leak page, reinforcing the impression of a public-facing data-leak warning rather than a decryptor-focused claim. In summary, the page depicts a data-leak incident affecting mycpaconnection[.]com, indicating around 136 GB of data purportedly exfiltrated, supported by 15 image attachments and a post-date timeline, rather than a confirmed compromise date.