Russian Group Responsible for IL AG Data Breach

By Benjamin Cox on April 30, 2021 at 2:52pm

More information has come out about the ransomware attack at the Illinois Attorney General’s Office.

The Chicago Sun-Times reports that a ransomware group linked to Russia has uploaded to a website scores of documents it says were stolen from Illinois Attorney General Kwame Raoul’s office over two weeks after the state’s top law enforcement officer first reported his office’s computer network was compromised.

Raoul’s office had declined to publicly provide details of the hack back on April 10th and in a press release this morning announcing a support hotline.

The latest announcement comes after the ransomware group DoppelPaymer posted 68 documents it said are from the attorney general’s office, as well as other entities they’ve hit, on a website on which a user can find “private data of the companies which were hacked by DoppelPaymer.” The website says that the companies decided to keep the breaches secret and refused to pay up to the group.

Additional details about the compromise and the personal information impacted will be made available on the Attorney General’s website, to the extent possible, upon completion of the office’s internal investigation and its work with law enforcement and external technology experts.