Pennsylvania Office of the Attorney General

The Pennsylvania Office of the Attorney General (OAG) suffered a targeted ransomware attack on August 11, where a malicious actor encrypted critical files in an attempt to extort a ransom payment. The attack disrupted website, email, and phone systems, forcing ~1,200 employees across 17 offices to rely on alternate work methods. While the OAG confirmed no ransom was paid, the incident triggered court-ordered extensions for criminal and civil cases, though officials claimed no prosecutions or investigations were negatively impacted. The attack’s scope remains partially undisclosed due to an ongoing investigation, but the OAG acknowledged that sensitive personal information of some individuals may have been compromised. The agency alerted affected parties while working with partner agencies to assess the breach’s full impact. Despite operational disruptions including potential data exposure and blackmail attempts the OAG emphasized its commitment to fulfilling its mission without conceding to hacker demands. The long-term consequences, such as reputational damage or legal liabilities, remain uncertain as restoration efforts continue.

Source: https://www.govtech.com/security/pennsylvania-ag-confirms-cyber-attack-by-malicious-actor

TPRM report: https://www.rankiteo.com/company/pennsylvania-office-of-attorney-general

"id": "pen2502025091925",
"linkid": "pennsylvania-office-of-attorney-general",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': 'Limited individuals (number '
                                              'unspecified)',
                        'industry': 'Legal/Law Enforcement',
                        'location': 'Pennsylvania, USA',
                        'name': 'Pennsylvania Office of Attorney General',
                        'size': '~1,200 employees (17 offices statewide)',
                        'type': 'Government Agency'}],
 'customer_advisories': 'Notifications sent to affected individuals (scope '
                        'unspecified)',
 'data_breach': {'data_encryption': True,
                 'personally_identifiable_information': 'Possible (limited '
                                                        'notifications sent)',
                 'type_of_data_compromised': 'Unknown (under investigation; '
                                             'files encrypted)'},
 'date_detected': '2024-08-11',
 'date_publicly_disclosed': '2024-08-29',
 'description': 'A malicious actor encrypted files at the Pennsylvania Office '
                'of Attorney General in an attempt to extort a ransom payment. '
                'The attack disrupted website, email, and phone services, '
                'though the office confirmed no ransom was paid. An active '
                'investigation is ongoing to determine the scope of '
                'compromised information. Some court proceedings were granted '
                'extensions, and staff (approx. 1,200 across 17 offices) '
                'adapted to alternate work methods. A limited number of '
                'individuals were notified of potential data exposure.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'public disclosure of attack and data '
                                       'exposure risks',
            'data_compromised': 'Unknown (investigation ongoing; limited '
                                'individuals notified)',
            'downtime': 'Ongoing as of 2024-08-29 (partial restoration via '
                        'alternate methods)',
            'identity_theft_risk': 'Possible (limited individuals notified of '
                                   'potential exposure)',
            'operational_impact': 'Staff (1,200 employees) adapted to '
                                  'alternate work channels; court extensions '
                                  'granted for criminal/civil cases',
            'systems_affected': ['Website',
                                 'Email',
                                 'Phone services',
                                 'File encryption']},
 'investigation_status': 'Active (ongoing; details limited due to sensitivity)',
 'motivation': 'Financial extortion (ransomware)',
 'ransomware': {'data_encryption': True,
                'ransom_demanded': 'Undisclosed amount'},
 'references': [{'source': 'Tribune News Service (TNS)'},
                {'source': 'Pennsylvania Office of Attorney General Press '
                           'Release (Aug. 29, 2024)'}],
 'response': {'communication_strategy': ['Press releases (Aug. 29, follow-up '
                                         'on disclosure date)',
                                         'Notifications to affected '
                                         'individuals'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Alternate work channels/methods for '
                                       'staff',
                                       'File restoration efforts (status '
                                       'unclear)'],
              'third_party_assistance': 'Partner agencies (unspecified)'},
 'stakeholder_advisories': 'Court orders issued for case extensions; limited '
                           'individual notifications',
 'threat_actor': 'Malicious actor (unknown)',
 'title': 'Ransomware Attack on Pennsylvania Office of Attorney General',
 'type': 'Ransomware Attack'}