INC Ransom Adds City of Acworth, Georgia, and City of Oak Park, Michigan, to Dark Web Leak Site

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Key Takeaways
  • Two cities listed: INC Ransom added the City of Acworth and the City of Oak Park to its dark web data leak site.
  • Acworth confirmed: City officials publicly confirmed a cyberattack that hit municipal systems on June 8, 2026, and notified law enforcement.
  • Unconfirmed Allegations: The attack on the City of Oak Park is currently just a claim, with officials yet to confirm the alleged intrusion.

INC Ransom listed the U.S. City of Acworth, located in Cobb County, Georgia, and City of Oak Park, an inner-ring suburb of Metro Detroit in Oakland County, Michigan, on its dark web leak site. These claims were discovered on July 2 and 3, respectively, and were accompanied by alleged samples.

As of publication, Oak Park city officials have not issued a public statement confirming the claim, and the posting reflects INC Ransom's own assertion rather than independent verification.

City of Acworth Attack Confirmed by Officials

The City of Acworth disclosed in a news release that it was hit by a cybersecurity attack that impacted certain computer systems starting June 8, 2026. 

INC Ransom listed Oak Park and Acworth (screenshot) | Source: TechNadu via Ransomware.live
INC Ransom listed Oak Park and Acworth (screenshot) | Source: TechNadu via Ransomware.live

City officials said they engaged cybersecurity professionals and notified law enforcement once the intrusion was detected, and that systems have since been restored with no disruption to day-to-day operations. Acworth has not released further details about the incident. 

INC Ransom Oak Park listing (screenshot) | Source: TechNadu via Ransomware.live
INC Ransom Oak Park listing (screenshot) | Source: TechNadu via Ransomware.live

Why the INC Ransom Attacks Matter for Local Governments

INC Ransom uses a double-extortion model. Government sector victims are common targets. Local governments are a soft, high-value target. Municipal systems hold data that ransomware groups want, such as residents' personal data, tax records, utility billing, and permits.

Cybersecurity experts generally recommend reporting suspected ransomware incidents to the FBI and the Internet Crime Complaint Center (IC3) and monitoring for follow-up phishing or fraud attempts tied to any leaked government data.

This year, the threat actor claimed responsibility for the Wisconsin Denmark School District cyber incident, which triggered a network outage, and a Cocoa City IT disruption.  


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: