Extorting the afterlife? Hackers breach cemetery, stealing personal data


As if there was a lack of proof that ransomware gangs would target anyone, threat actors pushed the bar even lower, adding a cemetery to their list of victims.

One of the most prolific ransomware cartels currently in operation, INC Ransom, apparently managed to hack a cemetery. The gang recently added The Catholic Cemeteries of the Diocese of Hamilton in Canada to its dark web forum, which it uses to showcase its latest victims.

As is usual in ransomware attacks, threat actors shared samples of the allegedly stolen data. The Cybernews research team cautiously investigated the sample, finding that attackers shared various documents and personal details.

According to the team, the leaked details include:

  • Financial documents
  • Territory plans
  • Contracts
  • Names
  • Dates of birth
  • Employee pay slips

[Image: Attackers' post on the dark web. Image by Cybernews.]

At least in theory, attackers could use these details against grieving customers for financial fraud and targeted scams. Threat actors could target grieving relatives by impersonating the funeral service provider and tricking individuals into revealing sensitive personal information.

Meanwhile, INC Ransom is one of the most prominent ransomware cartels currently operating. First observed in July 2023, the cyber cartel has been inching towards the top, with victims like a DoD defense contractor, Stark AeroSpace, the San Francisco Ballet, the City of Leicester in England, the NHS Dumfries and Galloway Health Board of Scotland, and the Xerox Corporation on its list.

According to Cybernews’ dark web monitoring tool, Ransomlooker, INC Ransom has victimized at least 163 organizations over the past 12 months.

The gang is considered a multi-extortion operation – which means it not only encrypts and steals data but also threatens to publish it online if the victim doesn’t pay up. It appears to target a variety of industry sectors at random, including the healthcare, education, and government sectors.

While it’s unclear where the gang members come from, the vast majority of their victims are based in Western countries. At the same time, the gang doesn’t target organizations from the Commonwealth of Independent States (CIS), a tactic shared by many Russia-based cybercriminals.

Some researchers believe that the Lynx ransomware cartel is an offshoot or a rebrand attempt of individuals related to the INC Ransom cartel.