The Pennsylvania Office of Attorney General (OAG) has confirmed it was the target of a ransomware attack earlier this month, disclosing that unknown threat actors encrypted files in an effort to extort the state agency.
No ransom was paid, and the OAG reports that it is making significant progress in restoring full operations.
The disclosure came in a recent update from Attorney General Dave Sunday, following more than two weeks of service disruptions that began on August 11. At the time of the incident, the agency's internal network, public website, email systems, and landlines were rendered inoperable. According to Sunday, the attack was the result of “an outsider encrypting files,” and a criminal investigation is ongoing in coordination with unnamed partner agencies.
No ransomware group has claimed responsibility for the attack as of this writing, and CyberInsider's monitoring has not identified any related data leaks or dark web postings from known ransomware actors.
The Pennsylvania Office of Attorney General is a statewide law enforcement agency with approximately 1,200 staff spread across 17 locations throughout the Commonwealth. It handles criminal prosecutions, civil litigation, consumer protection, public safety initiatives, and oversees investigative work ranging from cybercrime to narcotics enforcement.
In the latest update, the OAG noted that staff have resumed access to email and are again communicating with constituents and other agencies. The agency's website and main phone line are also operational. However, some internal workflows are still being handled through alternative methods as the full recovery continues.
The attack led to temporary communication outages and disrupted legal operations, prompting several Pennsylvania courts to issue continuances for both civil and criminal cases. While these delays are described as normal procedural adjustments, the Attorney General emphasized that no prosecutions or investigations are expected to be negatively impacted solely due to the attack.
Despite the significant disruption, the OAG has continued to function, with attorneys attending court proceedings and investigators executing public safety operations. Sunday praised staff resilience and vowed continued transparency as the situation evolves, indicating that future public updates are planned.
While no specifics have been released about the infection vector, targeted systems, or ransomware strain involved, the fact that no ransom was paid suggests a response strategy focused on containment, recovery, and preserving legal and operational integrity.
Leave a Reply