Ransomware gang Inc this week took credit for a June 2025 attack on the government of Thomasville, North Carolina.
Thomasville officials first reported a cyber attack on June 12, 2025.
“Containment efforts have been successful, and all critical systems—including emergency services—have remained fully operational throughout the process,” says the city’s announcement. “Internal third party software applications experienced some temporary delays; however, there has been no impact on public-facing city services.”
The announcement stated that there was no evidence of data theft, but Inc says it stole 250 GB of data from Thomasville’s servers. To prove its claim, Inc posted images of what it says are stolen documents to its website. They include file directories and spreadsheets.
Thomasville officials have not verified Inc’s claim. We do not know if the city did or will pay a ransom, how much Inc demanded, what data was compromised, or how attackers breached the city’s network. Comparitech contacted Thomasville officials for comment and will update this article if they reply.
Who is Inc?
Inc is a ransomware gang that first emerged in the middle of 2023 and has since targeted a wide range of victims in healthcare, education, and government. Its methods include spear phishing and exploiting known vulnerabilities in software. Inc employs a double-extortion scheme in which it both steals data and locks up infected systems, forcing victims to pay both for system restoration and the safe deletion of stolen data. Inc operates a ransomware-as-a-service business in which customers pay Inc to use its malware and infrastructure to launch attacks and collect ransoms.
Inc has claimed responsibility for 343 ransomware attacks in total, and 100 of those were confirmed by the targeted organizations. 17 of those 100 confirmed attacks hit government entities. It claimed six such attacks in 2025:
- The State Bar of Texas notified 3,012 people of January data breach
- Fort St. john, Canada refused to pay a ransom following a February attack
- Anne Arundel County reported a breach in February
- The Pierce County, WA Library System suffered a data breach in April
- Durant, OK reported a data breach in June
- Tonga’s Ministry of Health refused to pay a $1 million ransom after a June attack disrupted its systems
Ransomware attacks on US government
Comparitech researchers have logged 34 confirmed ransomware attacks against US government entities in 2025 to date.
In addition to Thomasville, four other such attacks were confirmed in June:
- Durant, OK
- Mower County, MN
- Taos County, NM
- Green River, WY
It can take months or even years for local governments to notify individuals whose data was compromised in a ransomware attack. For example, Clark County, WA has just started issuing data breach notices to 76,000 people about an attack that took place in October 2023.
Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, data could be lost forever, and people whose data was stolen are put at greater risk of fraud.
About Thomasville, NC
Thomasville is home to about 27,000 people in central North Carolina.
