After ransomware attack on state attorney general’s office, hackers begin posting documents

  • Print.

ransomware words on keyboard

Image from

Hackers have posted documents that are said to be stolen from the Illinois attorney general’s office, including documents labeled “judgments entered,” “shakedown cases” and “state prisoners.”

Illinois Attorney General Kwame Raoul revealed that the breach was a ransomware attack in an April 29 press release. The office had previously revealed the April 10 compromise of its network in an April 13 press release.

The Chicago Sun-Times, the Chicago Tribune and Capitol News Illinois have coverage.

The ransomware group DoppelPaymer posted 68 documents that are said to be from the state attorney general’s office, according to the Chicago Sun-Times. The group warned that more information will be uploaded. DoppelPaymer is thought to be based in Eastern Europe or Russia, according to the Chicago Sun-Times.

The breach could include names, addresses, email addresses, Social Security numbers, health insurance information, medical information, tax information and driver’s license numbers, according to the press release and a public notice.

A routine audit released in February had warned that the Illinois attorney general’s office maintains computer systems with large volumes of personal information, yet it has not performed a comprehensive assessment to protect personal information, according to the Chicago Tribune.

Raoul has not commented on how the breach affects daily operations. But a court document filed by the office’s civil rights division said lawyers have not been able “to access work product and research” as a result of the hack, according to the Chicago Tribune.

Give us feedback, share a story tip or update, or report an error.