The Orleans Parish Sheriff's Office (OPSO) suffered a ransomware attack on September 4, 2024, carried out by the Qilin ransomware group, a Russia-linked cybercriminal syndicate known for extorting governments and organizations globally. The attack disrupted OPSO’s IT systems, halting detainee releases for nearly 24 hours and cutting off public access to Docket Master, the agency’s online criminal case lookup tool, for over 10 days. Qilin leaked four administrative and financial documents, including a March 2025 bank statement and a January 2025 internal contraband report, though no highly sensitive data (e.g., Social Security numbers or passwords) was exposed. The group’s dark web post suggested a ransom demand, escalating pressure after OPSO failed to pay. While jail security operations remained intact, the attack caused operational disruptions, delayed legal processes, and forced OPSO to treat all computers as compromised. The agency, assisted by the Louisiana State Police CyberCrimes Unit, continues recovery efforts, but the full extent of data exposure remains undisclosed. Qilin, linked to roughly 900 breaches worldwide, has previously demanded ransoms between $50,000 and $800,000 from victims.
Source: https://www.govtech.com/security/ransomware-group-behind-orleans-sheriffs-attack-emerges
TPRM report: https://www.rankiteo.com/company/orleans-parish-sheriff's-office
{
  "id": "orl4902049091725",
  "linkid": "orleans-parish-sheriff's-office",
  "type": "Ransomware",
  "date": "9/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': ['detainees',
'attorneys',
'general public (users of '
'Docket Master)'],
'industry': 'public safety',
'location': 'New Orleans, Louisiana, USA',
'name': "Orleans Parish Sheriff's Office (OPSO)",
'size': '800 personnel',
'type': 'government agency (law enforcement)'}],
'customer_advisories': "Contact jail's communications staff at 504-202-9386 "
'for case information',
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['PDF (bank statements)',
'internal reports (format '
'unspecified)'],
'personally_identifiable_information': 'none confirmed (no '
'SSNs or account '
'passwords)',
'sensitivity_of_data': 'low (no SSNs, passwords, or highly '
'sensitive PII confirmed)',
'type_of_data_compromised': ['administrative records',
'financial records '
'(non-sensitive)',
'internal operational reports']},
'date_detected': '2024-09-04T04:30:00',
'date_publicly_disclosed': '2024-09-14',
'description': 'The Qilin ransomware group claimed responsibility for a cyber '
"attack on the Orleans Parish Sheriff's Office (OPSO) on "
'September 4, 2024. The group leaked four administrative and '
'financial documents, including a March 2025 bank statement '
'and a January 2025 internal report on contraband incidents. '
'The attack disrupted server operations, temporarily halting '
'detainee releases and disabling the Docket Master online '
'lookup tool for over 10 days. OPSO is working with '
'cybersecurity partners and the Louisiana State Police '
'CyberCrimes Unit to restore systems. The group is suspected '
'to be Russia-based and has been linked to nearly 900 breaches '
'globally since 2022, including over 20 against U.S. local '
'governments in 2024.',
'impact': {'brand_reputation_impact': ['potential reputational damage due to '
'public disclosure of breach',
'misidentification of sheriff in '
"ransomware group's post"],
'data_compromised': ['administrative records',
'financial records (e.g., bank statements)',
'internal reports (e.g., contraband '
'incidents)'],
'downtime': {'Docket_Master_outage': '>10 days (ongoing as of '
'2024-09-16)',
'detainee_release_halting': '24 hours (resumed by '
'weekend)',
'general_system_disruptions': 'ongoing as of '
'2024-09-16'},
'identity_theft_risk': 'low (no SSNs or account passwords '
'confirmed compromised)',
'operational_impact': ['temporary halt of detainee releases (288 '
'bookings, 265 releases since attack)',
'disruption to public and attorney access '
'to case information',
'agency treating all computers as '
'potentially compromised'],
'payment_information_risk': 'low (no sensitive financial data like '
'account passwords confirmed '
'compromised)',
'systems_affected': ['servers',
'Docket Master (online lookup tool)',
'detainee processing systems']},
'initial_access_broker': {'high_value_targets': ['administrative records',
'financial records']},
'investigation_status': 'ongoing (as of 2024-09-16)',
'motivation': ['financial gain (ransom extortion)', 'disruption'],
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Qilin'},
'references': [{'date_accessed': '2024-09-16',
'source': 'The New Orleans Times-Picayune / The Advocate '
'(TNS)'},
{'date_accessed': '2024-09-14',
'source': 'Emsisoft (threat analysis by Luke Connolly)'},
{'source': 'U.S. Department of Health and Human Services (2024 '
'report on Qilin group)'}],
'response': {'communication_strategy': ['public statements (e.g., 2024-09-16 '
'update)',
'dedicated phone line for case '
'inquiries (504-202-9386)'],
'containment_measures': ['isolation of affected systems',
'treating all computers as potentially '
'compromised'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['assessment and restoration of systems '
'(ongoing)',
'resumption of detainee releases by '
'weekend'],
'third_party_assistance': ['cybersecurity partners (unnamed)',
'Louisiana State Police CyberCrimes '
'Unit']},
'stakeholder_advisories': ['public statements on operational status',
'phone line for case inquiries (504-202-9386)'],
'threat_actor': 'Qilin ransomware group',
'title': "Ransomware Attack on Orleans Parish Sheriff's Office by Qilin Group",
'type': ['ransomware', 'data breach']}