Ransomware Group: INCRANSOM

VICTIM NAME: mysfa[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the organization operating under the domain mysfa.org, which provides specialized support services for individuals with developmental disabilities. The organization has a long-standing history since 1984 and operates in the US, primarily serving the Sarnia-Lambton, Chatham-Kent, and Windsor-Essex regions. Their services include residential homes and supported independent living, with a focus on personalized, person-centered planning to enhance quality of life. The leak was discovered on May 30, 2025, and the attack occurred on the same day, affecting their digital infrastructure. The leak includes information related to the organization’s operations, though no specific sensitive details such as PII appear to be publicly exposed in the available data.

The leak page also indicates the presence of data leaks and the public availability of a ransom claim URL hosted on a dark web link. While the content does not specify the nature of the compromised data or provide explicit screenshots, it underscores the importance of cybersecurity measures for organizations handling sensitive community support information. The organization appears unconnected to any third-party data collectors or external entities related to the breach, and no additional leaks or duplicates are reported. The incident emphasizes the necessity for robust security protocols in healthcare and social services sectors to prevent unauthorized access and protect vulnerable populations.