DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

INC Ransomware claims to have hit Federal Labor Relations Authority

Posted on October 6, 2023 by Dissent

On September 20, a relatively new ransomware gang called INC Ransomware added the Federal Labor Relations Authority to their leak site. As proof, they offered six images of files, two of which appear to contain personal information from cases or submissions involving care.

FLRA listing on INC Ransomware included 6 image files.
Image and redaction by DataBreaches.net

In response to a request from this site, INC also provided DataBreaches with a filetree of the server they claim to have compromised. That 31.5 MB text file, called “230931090.alldir” began:

7-Zip (A) 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18

Listing archive: confid.7z

—
Path = confid.7z
Type = 7z
Method = Delta LZMA2
Solid = +
Blocks = 6
Physical Size = 7359420307
Headers Size = 207451

Date Time Attr Size Compressed Name
——————- —– ———— ———— ————————
2023-08-26 17:17:40 D…. 0 0 confid
2023-08-26 16:52:01 D…. 0 0 confid\05-0014 confidential
2023-08-26 16:52:12 D…. 0 0 confid\1 DGC Confidential
2023-08-26 16:52:12 D…. 0 0 confid\1 DGC Confidential\checked in
2023-08-26 16:52:13 D…. 0 0 confid\1 DGC Confidential\Performance Standards
2023-08-26 17:17:40 D…. 0 0 confid\11-0160-USMint-Denver-Confidentiality-Statements
2023-08-26 17:17:40 D…. 0 0 confid\14-0006-WAPA-CU-confidential
2023-08-26 17:17:40 D…. 0 0 confid\14-0011-Army-COE-KC-CU-confidential
2023-08-26 16:52:03 D…. 0 0 confid\14-0019 BOP Florence Confid
2023-08-26 16:52:03 D…. 0 0 confid\14-0021 Steve Hollis Confid
2023-08-26 16:51:52 D…. 0 0 confid\7112b2 confidential
2023-08-26 17:06:04 D…. 0 0 confid\ADR Act Confidential Content
2023-08-26 16:52:20 D…. 0 0 confid\ADR Act Confidential Content\. from shared 073117
2023-08-26 16:52:20 D…. 0 0 confid\ADR Act Confidential Content\16-00x
2023-08-26 16:52:21 D…. 0 0 confid\ADR Act Confidential Content\3333 -40-
2023-08-26 16:52:22 D…. 0 0 confid\ADR Act Confidential Content\3334 -1-
2023-08-26 16:52:22 D…. 0 0 confid\ADR Act Confidential Content\3338 -13-
2023-08-26 16:52:23 D…. 0 0 confid\ADR Act Confidential Content\3343 -1-
2023-08-26 16:52:23 D…. 0 0 confid\ADR Act Confidential Content\3344 -5-
2023-08-26 16:52:24 D…. 0 0 confid\ADR Act Confidential Content\3344 -5-\NG
2023-08-26 16:52:24 D…. 0 0 confid\ADR Act Confidential Content\3346 -1-
2023-08-26 16:52:24 D…. 0 0 confid\ADR Act Confidential Content\3346 -1-\NG 3346
2023-08-26 16:52:24 D…. 0 0 confid\ADR Act Confidential Content\3348 -2-

There was a lot more.

DataBreaches reached out to FLRA  twice via email — on September 24 and October 3 — to inquire about the claimed attack. In the emails, DataBreaches included the information above from the filetree.  FLRA has not responded at all.   INC Ransomware did respond, however, to some, but not all, questions DataBreaches put to them.

INC declined to reveal when they first gained access to FLRA or how they first gained access. They confirmed that the August 26 date in the file tree was the date exfiltration of data began and informed DataBreaches that they acquired 29 GB of files — all of the files listed in the filetree that they had provided DataBreaches.

INC’s spokesperson also informed DataBreaches that they had sent FLRA a note to contact them and that they were demanding $700k. They state FLRA never responded to them at all.

They declined to show DataBreaches a copy of their ransom note, but did respond to an inquiry by saying that FLRA never detected them or kicked them out of the network while they were in it.

INC’s spokesperson declined to provide any information about their ransomware, but did say that they had locked all files and backups for what they hit.

Not much is known about INC Ransomware as yet. DataBreaches will continue to monitor the listing and will update this post if additional information becomes available, but notes that although a lot of data was provided that seem to support INC’s claims, there has been no confirmation from FLRA at this point.

No related posts.

Category: Breach IncidentsGovernment SectorMalwareU.S.

Post navigation

← Ransomware gang QakBot resurfaces after Feds’ botnet takedown
Parkers Chapel School District network hacked; FBI investigating →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.