DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

INC Ransomware claims to have hit Federal Labor Relations Authority

Posted on October 6, 2023 by Dissent

On September 20, a relatively new ransomware gang called INC Ransomware added the Federal Labor Relations Authority to their leak site. As proof, they offered six images of files, two of which appear to contain personal information from cases or submissions involving care.

FLRA listing on INC Ransomware included 6 image files.
Image and redaction by DataBreaches.net

In response to a request from this site, INC also provided DataBreaches with a filetree of the server they claim to have compromised. That 31.5 MB text file, called “230931090.alldir” began:

7-Zip (A) 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18

Listing archive: confid.7z

—
Path = confid.7z
Type = 7z
Method = Delta LZMA2
Solid = +
Blocks = 6
Physical Size = 7359420307
Headers Size = 207451

Date Time Attr Size Compressed Name
——————- —– ———— ———— ————————
2023-08-26 17:17:40 D…. 0 0 confid
2023-08-26 16:52:01 D…. 0 0 confid\05-0014 confidential
2023-08-26 16:52:12 D…. 0 0 confid\1 DGC Confidential
2023-08-26 16:52:12 D…. 0 0 confid\1 DGC Confidential\checked in
2023-08-26 16:52:13 D…. 0 0 confid\1 DGC Confidential\Performance Standards
2023-08-26 17:17:40 D…. 0 0 confid\11-0160-USMint-Denver-Confidentiality-Statements
2023-08-26 17:17:40 D…. 0 0 confid\14-0006-WAPA-CU-confidential
2023-08-26 17:17:40 D…. 0 0 confid\14-0011-Army-COE-KC-CU-confidential
2023-08-26 16:52:03 D…. 0 0 confid\14-0019 BOP Florence Confid
2023-08-26 16:52:03 D…. 0 0 confid\14-0021 Steve Hollis Confid
2023-08-26 16:51:52 D…. 0 0 confid\7112b2 confidential
2023-08-26 17:06:04 D…. 0 0 confid\ADR Act Confidential Content
2023-08-26 16:52:20 D…. 0 0 confid\ADR Act Confidential Content\. from shared 073117
2023-08-26 16:52:20 D…. 0 0 confid\ADR Act Confidential Content\16-00x
2023-08-26 16:52:21 D…. 0 0 confid\ADR Act Confidential Content\3333 -40-
2023-08-26 16:52:22 D…. 0 0 confid\ADR Act Confidential Content\3334 -1-
2023-08-26 16:52:22 D…. 0 0 confid\ADR Act Confidential Content\3338 -13-
2023-08-26 16:52:23 D…. 0 0 confid\ADR Act Confidential Content\3343 -1-
2023-08-26 16:52:23 D…. 0 0 confid\ADR Act Confidential Content\3344 -5-
2023-08-26 16:52:24 D…. 0 0 confid\ADR Act Confidential Content\3344 -5-\NG
2023-08-26 16:52:24 D…. 0 0 confid\ADR Act Confidential Content\3346 -1-
2023-08-26 16:52:24 D…. 0 0 confid\ADR Act Confidential Content\3346 -1-\NG 3346
2023-08-26 16:52:24 D…. 0 0 confid\ADR Act Confidential Content\3348 -2-

There was a lot more.

DataBreaches reached out to FLRA  twice via email — on September 24 and October 3 — to inquire about the claimed attack. In the emails, DataBreaches included the information above from the filetree.  FLRA has not responded at all.   INC Ransomware did respond, however, to some, but not all, questions DataBreaches put to them.

INC declined to reveal when they first gained access to FLRA or how they first gained access. They confirmed that the August 26 date in the file tree was the date exfiltration of data began and informed DataBreaches that they acquired 29 GB of files — all of the files listed in the filetree that they had provided DataBreaches.

INC’s spokesperson also informed DataBreaches that they had sent FLRA a note to contact them and that they were demanding $700k. They state FLRA never responded to them at all.

They declined to show DataBreaches a copy of their ransom note, but did respond to an inquiry by saying that FLRA never detected them or kicked them out of the network while they were in it.

INC’s spokesperson declined to provide any information about their ransomware, but did say that they had locked all files and backups for what they hit.

Not much is known about INC Ransomware as yet. DataBreaches will continue to monitor the listing and will update this post if additional information becomes available, but notes that although a lot of data was provided that seem to support INC’s claims, there has been no confirmation from FLRA at this point.

Category: Breach IncidentsGovernment SectorMalwareU.S.

Post navigation

← Ransomware gang QakBot resurfaces after Feds’ botnet takedown
Parkers Chapel School District network hacked; FBI investigating →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.