Extent Of Ransomware Hack Of Attorney General Remains Uncertain


CHICAGO — Illinois Attorney General Kwame Raoul’s admitted for the first time this week that his office — which often advises people on ways to protect themselves from identity theft and fraud — had suffered a ransomware attack earlier this month, exposing the personal data of an as-yet-unknown number of residents.



Kwame Raoul wearing a suit and tie: Illinois Attorney General Kwame Raoul said his office was working closely with federal law enforcement and technology experts to figure out how it was sacked and "what we can do to ensure that such a compromise does not happen again."


© AP Photo/Seth Perlman, File
Illinois Attorney General Kwame Raoul said his office was working closely with federal law enforcement and technology experts to figure out how it was sacked and “what we can do to ensure that such a compromise does not happen again.”

Three days after the April 10 discovery of the hack, Raoul issued a statement saying his office’s networks had been compromised to an unknown extent.

Loading...

Load Error

On April 21, several gigabytes of files apparently taken from the attorney general’s office were uploaded to a dark web website called Dopple Leaks, which contains “private data of the companies which were hacked by DoppelPaymer,” a ransomware gang.

“This companies decided to keep the leakage secret. And now their time to pay is over,” the website says. It claims about 200 gigabytes of “confidential information will be progressively uploaded.”

On Thursday, Raoul’s office issued a public notification of the hack, which described the breach as a “ransomware attack that has compromised the office’s network.”

State law requires businesses and institutions to notify residents when their information has been compromised by a data breach, so the attorney general’s office posted a public notice saying officials were unaware what was stolen.

But it noted the hacked material could include the names, addresses, social security numbers, account numbers, health insurance, tax, medical, driver’s license and “other such information as necessary,” according to the notice.

“While we do not yet know with certainty what was compromised in the ransomware attack, we are working closely with federal law enforcement authorities and outside technology experts to determine what information was exposed, how this happened, and what we can do to ensure that such a compromise does not happen again,” Raoul said in the…

Source…