Hackers claim they snatched city budgets and plans from a North Carolina town

A notorious Russia-linked ransomware gang claims to have 260GB of data from a North Carolina city.

The ransomware gang known as INC Ransom is claiming responsibility for a breach of Thomasville, a small city in Davidson County, North Carolina, with a population of 28,000.

The gang posted Thomasville’s name to its dark web leak site on July 1st, signaling that the city may have joined the growing list of local governments hit by cybercriminals. Ransomware groups frequently use public leak sites as a way to threaten victims and force them to pay ransom.

According to INC’s post, it has exfiltrated 260 gigabytes of data from municipal systems. As is standard in digital extortion tactics, the group released sample files to prove the breach. The leaked materials include Excel spreadsheets with financial records, folders related to city operations, and urban planning documents.

Cybernews reached out to Thomasville officials for comment, but a response has yet to be received.

Who is INC Ransom?

INC Ransom, likely linked to Russia, is one of the newer names on the cybercrime circuit, but it’s moving fast. Since its emergence in July 2023, the gang has claimed 234 victims, according to Cybernews' dark web monitoring tool RansomLooker.

It runs a multi-extortion operation, which means it doesn’t just encrypt the victim’s files – it steals data and threatens to leak it if not paid. The demands also come with a twisted pitch – pay us, and we’ll make your systems more secure.

INC Ransom is known for not discriminating when it comes to targets. The gang has attacked hospitals, schools, governments, and tech companies.

Don’t miss our latest stories on Google News.

Follow us

The cyber cartel has been inching towards the top of the most prolific offenders, with victims like DoD defense contractor Stark AeroSpace, the San Francisco Ballet, the City of Leicester in England, the NHS Dumfries and Galloway Health Board of Scotland, and the Xerox Corporation on its list.

Among the victims is also Ahold Delhaize, the $99 billion retail titan behind your local Stop & Shop and Albert Heijn. Mount Rogers Community Services has also appeared on a ransomware gang’s dark web leak site, with attackers suggesting that it stole multiple private details from the organization’s systems.

INC Ransom also managed to hack a cemetery. In June, the gang added The Catholic Cemeteries of the Diocese of Hamilton in Canada to its dark web forum.