A ransomware group called Inc today took credit for a cyber attack earlier this month on the city of Cocoa, Florida.
The city announced “ongoing technical issues” on February 17, 2026 that disrupted utility payments and IT systems.
On its data leak website, Inc claimed responsibility for the disruption and says it stole files from the city’s official servers. To prove its claim, Inc posted sample images of what it says are stolen documents.
Cocoa officials have not acknowledged Inc’s claim, and Comparitech cannot verify the authenticity of it. We do not know what data was compromised, how much Inc demanded in ransom, if the city did or will pay a ransom, or how attackers breached the city’s servers. Comparitech contacted Cocoa officials for comment and will update this article if they reply.
“On February 16, 2026, the City of Cocoa identified technical issues affecting certain information technology systems. The City is actively working with appropriate partners and technical specialists to thoroughly assess and resolve the situation,” says the city’s February 17 announcement.
“At the February 17, 2026 City Council Priorities and Planning Special Meeting, City Council approved an emergency declaration to allow City leadership to take swift action, authorize emergency expenditures, and ensure the rapid deployment of staff and resources necessary to continue serving the Cocoa community.”
Who is Inc?
Inc is a ransomware group that first surfaced in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software. Once infected, Inc’s malware both steals data and locks down computer systems until a ransom is paid to unlock them.
In 2025, Inc claimed responsibility for 360 ransomware attacks, and the organizations it targeted confirmed 68 of those claims. Since the start of 2026, it’s made 66 more attack claims.
Inc took credit for attacks on these companies in 2026:
- Distinctive Systems (United Kingdom)
- Beacon Mutual Insurance Company (Rhode Island)
- Ju Teng International Holdings (Taiwan)
- Air (Côte d’Ivoire)
In 2025, some of Inc’s more high-profile attacks include those on the State Bar of Texas; the Pierce County Library System (WA); the city of Durant, OK; the city of Thomasville, NC; and the Pennsylvania Attorney General.
Ransomware attacks on US government
Four US government entities have confirmed ransomware attacks so far in 2026, according to Comparitech researchers. They include the cities of Midway, FL and New Britain, CT; Winona County, MN; and the Tulsa International Airport.
The city of Peabody, MA earlier this month notified 48,000 people of a June 2025 data breach claimed by a ransomware group called Interlock.
The city of York, PA recently paid $500,000 to the ransomware group that hacked it in July 2025.
The Cheyenne and Arapaho Tribes refused to pay a $700,000 ransom demanded by the ransomware group Rhysida following a December 2025 data breach.
Ransomware attacks on government entities can both steal data and lock down computer systems. They can disrupt any number of government systems from bill payments to court records and even emergency dispatch. Governments must pay a ransom for the stolen data and to restore systems, or else they face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Cocoa, FL
Cocoa is a city in the coastal Palm Bay area of Brevard County, Florida with a population of about 19,000 people.
