A “ransomware” group potentially linked to Russia has uploaded to a website scores of documents it says were stolen from Illinois Attorney General Kwame Raoul’s office, more than two weeks after the state’s top law enforcement officer first reported that his office’s computer network was compromised.
Raoul had declined to publicly provide details of the hack, but on Thursday, he issued a follow-up statement, saying his office has set up a toll-free hotline for those seeking more information on the breach, which could include “names, addresses, email addresses, Social Security numbers, health insurance and medical information, tax information, and driver’s license numbers.”
But the office said it “has not yet determined what personal information on its network is impacted.”
The latest announcement comes after the ransomware group DoppelPaymer posted 68 documents it said are from the attorney general’s office, as well as other entities it has hit, on a website on which a user can find “private data of the companies which were hacked by DoppelPaymer.”
According to the website, the “companies decided to keep the leakage secret. And now their time to pay is over.”
The Chicago Sun-Times accessed the site using a special browser that allows for anonymous communication while on the internet.
Ransomware is a type of malicious software that typically includes threats to publish a victim’s data or block access to that data unless the victim pays a ransom.
The documents from Raoul’s office were initially published on the website on April 21, with more documents added Thursday. The files taken from Illinois’ chief legal officer include those labeled “judgments entered,” “shakedown cases” and “state prisoners.”
About 200 gigabytes of confidential information will be “progressively uploaded,” the group warns on the site.
Starting Friday, anyone with questions about the network compromise can call the Attorney General’s Computer Network Compromise Hotline at 1-833-688-1949, from 8 a.m. to 5 p.m., Monday through Friday.
Raoul’s office will continue to “evaluate the extent of the network compromise” and information about the breach, and…