Sacred Ground, Unscathed No More: INC Ransom Leaks Data from Catholic Cemetery, Shocking Clients & Staff
Do Son 
Attackers' post on the dark web. Image by Cybernews.
One of the most provocative tales in cybercrime has taken an unexpected and chilling turn—within the solemn confines of a cemetery. The hacker collective known as INC Ransom, notorious for its global assaults on organizations, has now added a Canadian Catholic cemetery to its roster of victims, exposing documents containing sensitive personal data belonging to clients and staff. The incident underscores a grim reality: for today’s ransomware operators, no moral boundaries remain—no target is sacred, not even those who tend to the memory of the dead.
The target of the cyberattack was The Catholic Cemeteries of the Diocese of Hamilton, an institution responsible for burials and grave maintenance in Ontario. Evidence of the breach appeared on INC Ransom’s underground forum, where the group routinely publishes data from its latest victims. Among the leaked files were financial records, land plots, contracts, names and birthdates, and employee payroll information. Analysts have already confirmed the authenticity of several of the documents.
Particularly disturbing is the apparent inclusion of data relating to clients—that is, individuals grieving the loss of loved ones. Experts warn that this breach may open the door to targeted fraud, with threat actors potentially impersonating funeral service representatives to extort additional payments or manipulate victims in their most vulnerable state. Such pressure tactics could take the form of phone calls, phishing emails bearing counterfeit invoices, or demands for “data confirmation.”
INC Ransom ranks among the most active players on the cybercriminal stage. Since July 2023, the group has conducted at least 163 attacks. Its list of victims includes U.S. Department of Defense contractor Stark AeroSpace, the Leicester City Council in the UK, the San Francisco Ballet, Scotland’s Dumfries and Galloway Health Board, and the multinational corporation Xerox.
The group employs a multilayered extortion strategy: not only do they encrypt files, but they exfiltrate them as well—threatening public exposure should the ransom demand go unmet. Unlike some ransomware groups that focus on specific industries, INC Ransom’s operations are indiscriminate, spanning healthcare, education, government, and manufacturing.
Their choice of targets points to a deliberate concentration on Western nations. As with many cybercriminal entities, INC Ransom appears to avoid attacking organizations based in post-Soviet states. Some analysts speculate that the recently emerged Lynx collective may be either a rebranding or a parallel project run by the same actors behind INC Ransom.
Given the deeply personal nature of the stolen data in this particular breach, public outrage has been especially fierce. The issue at hand now transcends financial loss—it strikes at the core of ethical boundaries, which cybercriminals, it seems, no longer acknowledge at all.
Donate