IncRansom Ransomware Group Lists Sibilla Capital and Lopez Law Firm on Leak Site

The IncRansom ransomware operation has added two new entries to its dark web blog, listing sibillacapital.com and lopezlawfl.com as apparent targets. The postings, detected through threat intelligence monitoring channels, signal fresh activity from a group that has established itself in the ransomware ecosystem. The URLs suggest the listed entities are Sibilla Capital, a financial services firm, and Lopez Law Firm, a Florida-based legal practice—both sectors that typically hold sensitive client data and face significant pressure from public breach disclosures.

Ransomware groups commonly use leak sites as part of a double-extortion strategy, threatening to publish or sell stolen data if victims refuse to pay. The appearance of these organizations on IncRansom's portal indicates the group may have gained access to their networks, though the extent of any data exfiltration or encryption remains unclear from the initial postings. Threat intelligence platforms tracking IncRansom note the group's continued activity, with the latest additions suggesting ongoing targeting of professional services firms where the potential consequences of exposure could increase pressure during ransom negotiations.

The development highlights the persistent risk ransomware poses to financial and legal sector organizations, which remain high-value targets due to the confidential nature of their client work. The postings raise immediate concerns about potential data exposure, client confidentiality, and regulatory implications for the affected entities. Security teams monitoring the threat landscape are advised to track IncRansom's infrastructure and indicators of compromise as the situation develops. The group's activity underscores the importance of network segmentation, backup strategies, and rapid incident response capabilities for organizations handling sensitive data.