The Office of the Pennsylvania Attorney General announced that a ransomware attack is behind the ongoing two-week service outage.
In an official statement, Attorney General David W. Sunday Jr. said that the office refused to pay the attackers.
“The interruption was caused by an outsider encrypting files in an effort to force the office to make a payment to restore operations. No payment has been made,” explained AG Sunday.
“An active investigation is ongoing with other agencies, which limits our ability to comment further on the investigation or response to the incident.”
The AG’s Office announced on August 11 that it had suffered a cybersecurity incident, which took down several of its systems and services, including the public website, email accounts, and landline phones.
At the time of writing, the AG Office website is still not accessible. Email and phone lines have been partially recovered, and the staff are said to perform their work “via alternate channels and methods.”
Meanwhile, until the agency returns to its normal operational status, many courts have issued orders to provide time extensions for criminal and civil cases that are currently underway.
The AG Office stated that it does not expect the situation to impact criminal prosecutions, investigations, or civil proceedings.
The latest statement did not comment on the possibility of sensitive data being exfiltrated during the ransomware attack. However, if the investigation reveals that data has been stolen, affected individuals will be notified.
At the time of writing, no ransomware groups have publicly taken responsibility for the attack on the Office of the Pennsylvania Attorney General, so the perpetrators are unknown.
This is the third time that ransomware gangs have targeted a state entity in Pennsylvania. In 2020, Delaware County was hit by a DoppelPaymer attack and paid a $500,000 ransom to recover encrypted systems. In 2017, a ransomware attack targeted the Pennsylvania Senate Democratic Caucus, shutting down the computer network.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
