Ransomware gang Inc today took credit for a cyber attack earlier this month on the city government of Durant, Oklahoma. Inc says it stole 800 GB of data from the city and gave Durant officials 48 hours to pay an undisclosed amount in ransom.
If Durant doesn’t pay the ransom by June 19, 2025, Inc threatens to sell or release the data to scammers. Inc claims to have stolen passport info, addresses, and phone numbers.
“Despite our reports that 800+ GB of data – may become public, the Management of the city has been totally negligent and indifferent to the fact that now passport data / addresses / phone numbers of hundreds of people will fall into the hands of scammers. Durant city has 48 ours this is your last chance (sic)!” says Inc’s latest update on the ransom.
Durant officials have not verified Inc’s claim. We do not yet know what data was compromised, how many people might be affected, how attackers breached Durant’s servers, or if the city did or will pay a ransom. Comparitech contacted Durant officials for comment and will update this article if they reply.
The city on June 2 posted on Facebook, “On Sunday, June 1st, the City of Durant became the target of a ransomware attack. We immediately began working with law enforcement and cybersecurity experts to contain the issue and restore operations. Some services — including digital and credit card payments — are still being impacted. We appreciate your patience as we continue to investigate and work toward full recovery. We’ll share updates as more information becomes available. Thank you for your understanding. Regarding credit card information inquires, this is still being actively investigated.”
The city restored its payment system on June 9, according to another Facebook post.
Who is Inc?
Inc is a ransomware gang that first emerged in the middle of 2023 and has since targeted a wide range of victims in healthcare, education, and government. Its methods include spear phishing and exploiting known vulnerabilities in software. Inc employs a double-extortion scheme in which it both steals data and locks up infected systems, forcing victims to pay both for system restoration and the safe deletion of stolen data. Inc operates a ransomware-as-a-service business in which customers pay Inc to use its malware and infrastructure to launch attacks and collect ransoms.
Since it began, Inc has claimed credit for 331 ransomware attacks, 96 of which were confirmed by the targeted organizations. In 2025 to date, Inc has claimed 16 confirmed attacks and 102 unconfirmed.
Durant is not Inc’s first government target. This year alone, it has also attacked:
Ransomware attacks on US government
In 2025 to date, Comparitech researchers have logged 30 confirmed ransomware attacks on US government entities. We’re monitoring another 31 unconfirmed claims.
The attack on Durant is the first such confirmed attack in June 2025. Attacks on the Payne County, OK Sheriff’s Office and Liberty Township, OH were both confirmed in May. Ransomware group SafePay claimed both o those attacks.
Yesterday, ransomware group DragonForce gave Strafford County, NH five days to pay a ransom following an attack in March 2025.
Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, data could be lost forever, and people whose data was stolen are put at greater risk of fraud.
About Durant, Oklahoma
Durant is a city in Bryan County, Oklahoma. It’s home to about 19,000 people–46,000 in the greater metropolitan area—and is the capital of the Choctaw Nation of Oklahoma, the second-largest Native American reservation in the USA.
Source link
-
-
-
-
-
-
-
-
