Ransomware cyber

Pennsylvania’s Office of Attorney General (OAG)

Sep 1, 2025 2 min read
Pennsylvania’s Office of Attorney General (OAG)

The Pennsylvania Office of Attorney General (OAG) suffered a ransomware attack in August, disrupting critical operations. The attack encrypted OAG servers, forcing systems offline, including the agency’s website, email accounts, and landline phones. While no ransom was paid, the incident caused delays in civil and criminal court cases, requiring extensions for ongoing proceedings. Approximately 1,200 employees across 17 offices were impacted, relying on alternate communication methods during recovery. The OAG, serving as Pennsylvania’s top law enforcement agency, faced operational disruptions in prosecuting criminal cases and enforcing consumer protections. Although most services (email, website, and phone lines) were restored, the investigation remains ongoing to determine if data was stolen. The attack underscored vulnerabilities in government cybersecurity, prompting collaborative efforts with other agencies to prevent future incidents. No evidence yet suggests long-term harm to prosecutions or civil proceedings, but the operational outage and potential data exposure pose significant risks to legal processes and public trust.

Source: https://www.infosecurity-magazine.com/news/ransomware-pennsylvania-ag/

TPRM report: https://www.rankiteo.com/company/pennsylvania-office-of-attorney-general

"id": "pen812090225",
"linkid": "pennsylvania-office-of-attorney-general",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'law enforcement',
                        'location': 'Pennsylvania, USA',
                        'name': 'Pennsylvania Office of Attorney General (OAG)',
                        'size': '~1,200 employees across 17 offices',
                        'type': 'government agency'}],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': 'unconfirmed (under investigation)'},
 'date_detected': '2023-08-01',
 'date_publicly_disclosed': '2023-08-18',
 'description': 'Pennsylvania’s Office of Attorney General (OAG) confirmed a '
                'ransomware attack that encrypted files and disrupted '
                'operations, including delays to civil and criminal court '
                'cases. The attack knocked OAG servers offline in August 2023, '
                'disabling the website, email accounts, and phone lines. No '
                'ransom was paid, and the investigation is ongoing to '
                'determine if data was stolen. Most services, including email '
                'and the main phone line, have been restored, but full '
                'functionality is still being worked on. Approximately 1,200 '
                'staff across 17 offices are operating with alternate methods '
                'where necessary.',
 'impact': {'brand_reputation_impact': 'potential (ongoing investigation and '
                                       'public updates)',
            'downtime': {'duration': 'ongoing (partial restoration as of '
                                     '2023-08-29)',
                         'end': None,
                         'start': '2023-08-01'},
            'operational_impact': ['delays in civil and criminal court cases',
                                   'disruption to email and phone '
                                   'communications',
                                   'alternate work methods for staff'],
            'systems_affected': ['servers',
                                 'website',
                                 'email accounts',
                                 'land phone lines']},
 'investigation_status': 'ongoing (active investigation with other agencies)',
 'motivation': 'financial (ransom demand)',
 'post_incident_analysis': {'corrective_actions': ['collaboration with other '
                                                   'agencies to prevent future '
                                                   'incidents']},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': 'unconfirmed (under investigation)',
                'ransom_demanded': True},
 'references': [{'source': 'Infosecurity Magazine'},
                {'source': 'Pennsylvania OAG Public Update (August 29, 2023)'}],
 'response': {'communication_strategy': ['regular public updates',
                                         'notifications to individuals if '
                                         'necessary'],
              'containment_measures': ['isolating affected systems',
                                       'restoring services incrementally'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': ['restoring email access',
                                    'bringing website and phone lines back '
                                    'online'],
              'remediation_measures': ['working with other agencies to prevent '
                                       'recurrence'],
              'third_party_assistance': True},
 'stakeholder_advisories': ['regular public updates',
                            'potential notifications to individuals if data '
                            'breach confirmed'],
 'title': 'Ransomware Attack on Pennsylvania’s Office of Attorney General '
          '(OAG)',
 'type': ['ransomware', 'cyberattack']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.