Ransomware group Inc today took credit for a November 2025 cyber attack on Rainbow Communications, a rural phone and internet provider in northeast Kansas.
Rainbow on November 16 announced it was experiencing service issues after a cybersecurity event disrupted customers’ phone and internet services. Those services were restored by November 19, 2025.
On its data leak site, Ransomware gang Inc claimed responsibility for the attack and said it stole 200 GB of data from Rainbow including accounting, HR, and customer data. To prove its claim, Inc posted sample images of what it says are documents stolen from Rainbow.
Rainbow Communications has not verified Inc’s claim. We do not know what data was compromised, how many people are affected, if Rainbow paid a ransom, how much Inc demanded, or how attackers breached Rainbow’s network. Comparitech contacted Rainbow Communications for comment and will update this article if it replies.
“We are experiencing service issues and are working to identify all affected customers,” Rainbow announced on Facebook on November 16, 2025.
“We’re pleased to share that all services impacted by the recent cybersecurity event have been fully restored,” said another post published three days later.
Who is Inc?
Inc Ransomware first surfaced in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software. Once infected, Inc’s malware both steals data and locks down computer systems until a ransom is paid to unlock them.
Inc took credit for 54 confirmed ransomware attacks in 2025 to date. Its other recently-confirmed attacks include:
- Valley View Independent School District said a November 2025 cyber attack disrupted computer systems and phone lines. Inc says it stole 68 GB of data.
- Persante Health Care last month notified victims of a January 2025 data breach claimed by Inc.
Inc has made a further 289 unconfirmed attack claims this year that haven’t been publicly acknowledged by the targeted companies.
Ransomware attacks on US utilities
Comparitech researchers have logged three confirmed ransomware attacks on private US utility companies in 2025, and another four attacks on government utility providers. They include
- Communications Data Group notified 42,518 Duo Broadband customers of a February 2025 data breach claimed by Qilin
- Conterra Networks notified 1,497 people of a March 2025 data breach claimed by RansomHub
- Massachusetts Municipal Wholesale Electric Company reported a January 2025 data breach claimed by BlackSuit
- Greenville Electric Utility System reported an August 2025 ransomware attack
- Lakehaven Water & Sewer District reported a September 2025 data breach claimed by Qilin
- Hampton Roads Sanitation District notified 3,824 people of an October 2025 data breach claimed by Clop
Ransomware attacks on US utilities can disrupt billing, communication, access to files, and, in more extreme cases, service delivery. The attacks can lock down computer systems and steal data. Utilities must then pay a ransom to restore their systems and for the ransomware group to destroy stolen data. If they don’t, utilities face extended downtime, data loss, and putting customers at increased risk of fraud.
About Rainbow Communications
Rainbow Communications is a broadband internet and phone provider in northeast Kansas. Based in Everest, it serves the communities of Arrington, Atchison, Bendena, Denton, Effingham, Elwood, Everest, Hiawatha, Highland,
Horton, Huron, Iowa Tribe, Lancaster, Larkinburg, Leona, Muscotah, Reserve
Robinson, Sabetha, Seneca, Severance, Troy, Wathena, Whiting, and Willis.
