SecurityWeek

Ransomware Group Claims Attack on Virginia Attorney General’s Office

The Cloak ransomware group has claimed responsibility for a February cyberattack on the Virginia Attorney General’s Office.

A ransomware group known as Cloak has claimed responsibility for a disruptive cyberattack on the systems of the Virginia Attorney General’s Office.

The incident became public in mid-February, when the state’s top prosecutorial agency told employees that nearly all its computer systems, internal services and applications, and website were down, and that internet connectivity and VPN access were affected as well.

Employees were notified of the attack via email and were reportedly directed to return to paper court filings, but the AGO refrained from publicly sharing details on the intrusion.

On March 20, however, the Cloak ransomware gang added the Virginia AGO to its Tor-based leak site, making data allegedly stolen from its systems available for download, which suggests that the group failed to extort the AGO.

SecurityWeek has emailed the Attorney General’s Office for a statement on the incident and will update this article if a response arrives.

Active since late 2022, Cloak appears to have amassed over 65 victims to date, but only 13 of its attacks have been confirmed, cybersecurity firm Comparitech notes. The attack on the Virginia AGO is its first confirmed attack this year.

For encryption, the ransomware gang relies on an ARCrypter variant derived from leaked Babuk ransomware code, Halcyon says.

Believed to be linked to the Good Day ransomware group, Cloak uses social engineering for initial access, but also collaborates with initial access brokers, and has been observed mainly targeting small- and medium-sized businesses in Europe and Asia.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
