In March 2024, INC Ransomware launched a significant attack on NHS Scotland, stealing 3 terabytes of sensitive data and threatening to publish it unless a ransom—reportedly in excess of $5 million—was paid. Known for its double-extortion tactics, INC not only encrypts victims’ data but also exfiltrates it to pressure payment.

The group has since rebranded itself as "Lynx" and continues targeting critical sectors across the US and UK, using the same aggressive tactics to exploit vulnerable organizations.

The broader ransomware landscape shows no signs of slowing. In recent weeks, NASCAR confirmed a data breach after the Medusa ransomware group demanded $4 million in ransom. Similarly, on July 28, 2025, the GLOBAL GROUP ransomware gang claimed to have breached Albavisión, a major Miami-based media company, stealing 400GB of data. As attacks grow more frequent and sophisticated, the mounting threats underscore the urgent need for improved cybersecurity measures across both public institutions and private enterprises.

Meanwhile, confusion surrounds another alleged victim, Dollar Tree. While INC Ransom has listed the retailer on its leak site and claimed to have stolen 1.2TB of sensitive data, Dollar Tree has denied any breach of its own systems. A company spokesperson clarified that the data likely stems from 99 Cents Only Stores, whose real estate leases Dollar Tree acquired after their closure. “We did not acquire their corporate entity, systems, or data,” Dollar Tree stated, calling any link between them and the alleged data leak “inaccurate.”