Ransomware cyber

Pennsylvania Office of Attorney General (OAG)

Sep 2, 2025 2 min read
Pennsylvania Office of Attorney General (OAG)

The Pennsylvania Office of Attorney General (OAG) suffered a **ransomware attack** on **August 11, 2025**, where threat actors encrypted critical files to extort the agency. The attack disrupted **internal networks, public websites, email systems, and landlines**, causing **two weeks of operational outages**. While no ransom was paid, the incident forced procedural delays in **civil and criminal court cases**, though no prosecutions or investigations were permanently compromised. Staff temporarily relied on alternative workflows, with **email and phone services restored gradually**. The OAG, a **statewide law enforcement agency with ~1,200 employees**, maintained core functions (e.g., court appearances, public safety operations) despite the disruption. No data leaks were reported, and no ransomware group claimed responsibility. The attackā€™s **infection vector and strain remain undisclosed**, but recovery efforts prioritized **containment and operational continuity** without yielding to extortion demands.

Source: https://cyberinsider.com/pennsylvania-ags-office-hit-by-ransomware-refused-to-pay-hackers/

TPRM report: https://www.rankiteo.com/company/pennsylvania-office-of-attorney-general

"id": "pen453090325",
"linkid": "pennsylvania-office-of-attorney-general",
"type": "Ransomware",
"date": "8/2025",
"severity": "75",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'public sector / legal',
                        'location': 'Pennsylvania, USA',
                        'name': 'Pennsylvania Office of Attorney General (OAG)',
                        'size': '~1,200 staff across 17 locations',
                        'type': 'government agency (statewide law '
                                'enforcement)'}],
 'data_breach': {'data_encryption': True},
 'date_detected': '2025-08-11',
 'date_publicly_disclosed': '2025-08-29',
 'description': 'The Pennsylvania Office of Attorney General (OAG) confirmed '
                'it was targeted by a ransomware attack in August 2025, where '
                'unknown threat actors encrypted files to extort the agency. '
                'No ransom was paid, and the OAG is restoring operations after '
                'significant disruptions to internal networks, public '
                'websites, email systems, and landlines. The attack began on '
                'August 11, 2025, with service interruptions lasting over two '
                'weeks. A criminal investigation is ongoing with unnamed '
                'partner agencies. While no ransomware group has claimed '
                'responsibility, the OAG has resumed partial operations, '
                'including email access and public-facing services, though '
                'some internal workflows remain disrupted. The attack caused '
                'temporary communication outages and legal delays, but no '
                'prosecutions or investigations were negatively impacted.',
 'impact': {'downtime': '> 2 weeks (from 2025-08-11)',
            'operational_impact': ['temporary communication outages',
                                   'disrupted legal operations (court '
                                   'continuances for civil/criminal cases)',
                                   'alternative workflows for internal '
                                   'processes'],
            'systems_affected': ['internal network',
                                 'public website',
                                 'email systems',
                                 'landlines']},
 'investigation_status': 'ongoing (criminal investigation with partner '
                         'agencies)',
 'motivation': 'extortion',
 'ransomware': {'data_encryption': True, 'ransom_demanded': True},
 'references': [{'date_accessed': '2025-08-29',
                 'source': 'PA Attorney General Dave Sunday (Twitter/X)',
                 'url': 'https://t.co/5ILLCNE5YC'},
                {'source': 'CyberInsider'}],
 'response': {'communication_strategy': ['public updates via Attorney General '
                                         'Dave Sunday',
                                         'social media announcements '
                                         '(Twitter/X)'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': ['progress toward full operational recovery',
                                    'transparency updates to the public'],
              'remediation_measures': ['restoration of email access',
                                       'resumption of public website and phone '
                                       'lines',
                                       'alternative workflows for disrupted '
                                       'internal processes'],
              'third_party_assistance': 'unnamed partner agencies '
                                        '(investigation)'},
 'stakeholder_advisories': ['public updates on restoration progress',
                            'court continuances for affected legal cases'],
 'threat_actor': 'unknown',
 'title': 'Ransomware Attack on Pennsylvania Office of Attorney General (OAG)',
 'type': 'ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.