
Mount Rogers Community Services has appeared on a ransomware gang’s dark web leak site, with attackers suggesting they stole multiple private details from the organization’s systems.
Ransomware gangs have few qualms about what organizations to attack. For example, the prominent INC Ransom cartel added Mount Rogers Community Services, a mental health care provider, as their latest victim.
We have reached out to Mount Rogers for comment and will update the article once we receive a reply.
Cybercrooks often steal company data and threaten to publish it if their ransom demands are not met. To prove their point, threat actors shared samples of the supposedly stolen data. The Cybernews research team investigated the data, concluding that it doesn’t appear extremely sensitive, given that Mount Rogers provides mental health, developmental disability, and substance use services.

However, according to the team, exposed details appear to include:
- Names
- Addresses
- Salaries
- Invoices
- Personal emails
- Messages
- Confidentiality agreements
Our researchers believe that attackers can exploit the stolen data for numerous purposes, such as carrying out phishing attacks or attempting to steal individuals’ identities.
“Wages, invoices, and internal documents can be used in phishing attacks or social engineering attacks, potentially compromising the company's systems. This data leak can severely damage the company's reputation and expose it to legal and financial consequences,” the team said.
Unfortunately, the Virginia-based Mount Rogers is far from the only mental health clinic targeted by cybercrooks. We recently reported that attackers breached the Community Counseling of Bristol County (CCBC), a behavioral health center. In that case, attackers took sensitive health information.
Earlier this month, threat actors breached the Georgia-based Mental Health Association (MHA), taking some patients’ sensitive details, including diagnoses and prescribed medication.
Meanwhile, INC Ransom is one of the most prominent ransomware cartels currently operating. First observed in July 2023, the cyber cartel has been inching towards the top, with victims like a DoD defense contractor, Stark AeroSpace, the San Francisco Ballet, the City of Leicester in England, the NHS Dumfries and Galloway Health Board of Scotland, and the Xerox Corporation on its list.
According to Cybernews’ dark web monitoring tool, Ransomlooker, INC Ransom has victimized at least 163 organizations over the past 12 months.
Your email address will not be published. Required fields are markedmarked