Ransomware cartel claims Leicester City, shares data


The attack on Leicester City Council was claimed by the INC Ransom cybercrime group, with attackers sharing residents’ passport details, bank statements, and other details as proof.

Attackers posted Leicester City Council on INC Ransom’s dark web blog, which the gang employs to showcase and threaten its latest victims. Cybercrooks claim they’ve siphoned three terabytes of data from the Council’s systems.

The post includes a supposed “proof pack,” which contains 32 scanned documents. Those include passport copies, rent statements, bank statements, a driver’s license, and other sensitive documents.

We have contacted Leicester City Council for confirmation but did not receive a reply before publishing.

Attackers' post on a dark web blog. Image by Cybernews.

Last month, Leicester City Council suffered a significant cyberattack, forcing it to shut down many municipal services and disconnect phone lines. According to the Council’s statement, published on March 28th, three weeks after the attack, it was still recovering, although “most” of the services had already been restored by then.

Leicester is the tenth largest city in England, the largest in the nation’s East Midlands region, and home of the internationally known Leicester City Football Club. The city has a population of more than 350,000 within its borders, and another 550,000 live in the city’s outlying urban areas, according to census reports.

INC Ransom was first noted in July 2023. The gang is considered a multi-extortion operation, which means it not only encrypts and steals its target’s data but also threatens to publish it online if the victim doesn’t pay up. It appears to target a variety of industry sectors at random, including the healthcare, education, and government sectors.

Most recently, the gang claimed to have breached NHS Scotland, taking three terabytes of the healthcare provider’s data. However, the gang actually breached NHS Scotland’s Dumfries and Galloway health board, one of fourteen boards that make up NHS Scotland.

According to Ransomlooker, Cybernews’ ransomware monitoring tool, INC Ransom has victimized at least 76 organizations over the last 12 months.