A large collection of files stolen from the Illinois Attorney General’s Office has appeared on the DopplePaymer ransomware website. The fact is that officials refused to pay the ransom to the attackers, according to The Record.
Among the files published by the hackers, you can find information about court cases, the Illinois Attorney General’s Office, including personal documents that do not appear in public records. In addition, the stolen data includes personal information about prisoners in the state prisons, their complaints and cases.The attack took place on April 10, 2021. The incident was officially reported three days later, on April 13. The prosecutor’s initial statement was short: it only mentioned that the network had been hacked.
As it became known later, on April 21, the incident turned out to be an attack by the DopplePaymer ransomware: malware operators claimed responsibility for the incident and made public several files stolen from law enforcement officers.
The Record’s own sources say that usually most DopplePaymer negotiations fail and end when victims realize that paying the ransom is a major legal challenge.
The fact is that in December 2019, the US Treasury Department added the hack group Evil Corp to its list of foreign organizations that were subjected to sanctions. This happened shortly after the Justice Department indicted two members of Evil Corp.
Since many cybersecurity experts have long linked the DopplePaymer ransomware to the EvilCorp group, any kind of payments and financial transactions from American organizations in relation to this group are prohibited.
At the same time, the Treasury Department reported that it is open to approve some transactions if victims turn to them for help and approval, which the Illinois attorney’s office apparently did not do.
The leak came after a rival ransomware gang called Babuk Locker threatened to leak files from the DC Police Department, which it claims could reveal the identities of police informers.