Hackers have uncovered what was meant to remain underground. And this is no joke anymore.
Criminals have disrupted eternal peace. Now, they’re looking for those who will pay for their silence.
One of the most provocative cybercrime stories has taken a turn where it was least expected — within the walls of a cemetery. The hacker group INC Ransom, known for its attacks on companies worldwide, has added to its list of victims a Catholic cemetery in Canada, revealing documents containing confidential information about clients and employees. This incident only confirms that, for modern extortionists, there are no moral boundaries — anyone can be targeted, even those working with the memory of the deceased.
The cyberattack targeted The Catholic Cemeteries of the Diocese of Hamilton — an organization involved in burial services and grave maintenance in Ontario. The breach was reported on the underground INC Ransom forum, where the group publishes data of its new victims. Among the leaked files were financial documents, territorial maps, contracts, names, birthdates, and employee payrolls. The authenticity of some materials has already been confirmed by analysts.
Hackers post cemetery data on the dark web
What is particularly alarming is that the data appears to contain information about clients — that is, people who have lost their loved ones. According to experts, this could lead to targeted fraud: criminals may pose as funeral service representatives, demand additional payments, or manipulate people in a state of grief. The forms of pressure may range from phone calls to phishing emails with fake invoices or "data verification" requests.
The INC Ransom group is one of the most active on the cybercrime scene. Since July 2023, it has carried out at least 163 attacks. Among its victims are U.S. Department of Defense contractor Stark AeroSpace, the Leicester City Council in the UK, the San Francisco Ballet, the Dumfries and Galloway Scottish Health Service, and the multinational corporation Xerox.
INC Ransom uses a multi-layered pressure scheme: it not only encrypts files but also steals them, threatening publication if the ransom is not paid. The group does not focus on any one sector — its attacks are chaotic, covering healthcare, education, government, and industry.
The geographical focus of their attacks indicates targeted operations in Western countries. At the same time, like many other criminal organizations, INC Ransom avoids targeting structures from CIS countries. Some analysts believe that the recently emerged group Lynx could be a rebranding or parallel project of the same individuals behind INC Ransom.
Considering the nature of the stolen information in the cemetery case, this incident has sparked particularly strong public condemnation. The issue now is not only the financial damage but also the ethical boundaries that cybercriminals, it seems, no longer recognize at all.
