INCRANSOM Ransomware Group Lists Lopez Law FL as Victim on Dark Web Portal

A Florida-based law firm has surfaced on the dark web leak site operated by the INCRANSOM ransomware group, signaling potential exposure of sensitive legal client data. The domain lopezlawfl[.]com was identified as a listed victim through open-source intelligence monitoring, raising immediate concerns about confidential case files, attorney-client communications, and personal client information that may have been accessed or exfiltrated during the incident.

INCRANSOM has emerged as an active threat actor in the ransomware ecosystem, using double-extortion tactics that combine file encryption with data theft to pressure victims into payment. Law firms represent high-value targets for such operations due to the sensitive nature of legal records, which can include litigation strategies, financial documents, and personally identifiable information across multiple clients. The appearance of Lopez Law FL on the group's Tor-based portal suggests the firm may be facing demands under threat of public data release, though the extent of any breach remains unconfirmed by the victim organization at this stage.

The incident underscores the persistent vulnerability of small and mid-sized legal practices to targeted ransomware campaigns. Unlike large corporate firms with dedicated security operations, regional law offices often lack the defensive infrastructure to detect or prevent sophisticated intrusions. For clients of Lopez Law FL, the situation creates uncertainty around the security of their legal matters and personal information. Security researchers tracking INCRANSOM note the group's pattern of following through on publication threats when ransom negotiations fail or do not materialize, making early incident response and client notification critical considerations for any affected practice.