Ransomware Attack Targeting PA Attorney General Delays Cases

By Danielle Ohl of Spotlight PA

Spotlight PA is an independent, nonpartisan and nonprofit newsroom producing investigative and public-service journalism that holds power to account and drives positive change in Pennsylvania. Sign up for our free newsletters.

The Pennsylvania Office of Attorney General was recently the victim of a ransomware attack.

The attack, first reported by the office as a “cyber incident,” impaired many functions of the agency, as some staff and prosecutors remained unable to access archived emails, files and internal systems crucial to pursuing cases on behalf of the commonwealth.

The office confirmed the attack to Spotlight PA on Aug. 29.

“The interruption was caused by an outsider encrypting files in an effort to force the office to make a payment to restore operations,” according to a statement shared by the office. “No payment has been made. An active investigation is ongoing with other agencies, which limits our ability to comment further on the investigation or response to the incident.”

The Office of the Attorney General is the state’s top law enforcement agency. Attorneys with the office pursue both civil and criminal cases, as well as defend the state government. They do this across a variety of courts, including county-level Common Pleas, state-level appellate courts and federal courts.

Standing orders from Philadelphia and federal courts have postponed some cases through at least mid-September, citing an inability for attorneys with the office to contact witnesses, produce discovery or respond to filings in a timely manner.

“We do not expect–based on what the investigation has revealed so far–that any criminal prosecutions or investigations or civil proceedings will be negatively impacted solely due to the outside interruption,” the AG’s office said in late August.

An Aug. 12 letter from Senior Deputy Attorney General Cara Greenhall to Philadelphia Common Pleas Judge Daniel Anders acknowledged that “Office of Attorney General staff are unable to access any litigation data.”

“IT staff are working diligently to identify and resolve the problem, but we are unable to access our computer systems for the foreseeable future,” Greenhall wrote.

In response, Anders suspended all civil trial litigation through Sept. 12 and postponed criminal matters related to individuals challenging their convictions through Sept. 21.

All three federal district courts issued similar standing orders. It remains unclear whether criminal cases are similarly affected.

The Eastern and Middle District orders referred to the incident as a “cyberattack.”

Spotlight PA was unable to determine how the incident has impacted other county courts or the three state appellate courts.

In an Aug. 18 news release, Attorney General Dave Sunday acknowledged an “outside interruption” brought down the office’s website, phones and email systems, but at the time, the office did not publicly identify a cause for the situation.

He called the situation “frustrating” and thanked both technology staff and law enforcement partners for “working around the clock to resolve the matter.”

“This situation has certainly tested OAG staff and prompted some modifications to our typical routines–however, we are committed to our duty and mission to protect and represent Pennsylvanians, and are confident that mission is being fulfilled,” Sunday said Aug. 29. “You can judge the character of an organization by how it reacts to adversity. I am very proud of our staff who continue to work and find ways to overcome these unexpected hurdles to fulfill our duty to the Commonwealth.”

Spotlight PA asked Sunday’s office for further clarification on how the attack occurred and whether any sensitive information has been compromised, but the Aug. 29 statement did not answer those questions.

In response to questions from Spotlight PA, an FBI spokesperson said the agency is aware of the incident, but had “nothing further to provide.”

Pennsylvania is the latest state to have a cyber incident affect its attorney general. Earlier this year, Virginia’s state attorney general’s office was the victim of a ransomware attack that knocked nearly all its computer systems offline. In 2021, the Office of the Illinois Attorney General also suffered a cyberattack.

Earlier this year, state Sen. Kristin Phillips-Hill (R., York) introduced a slate of legislation aimed at improving Pennsylvania’s cybersecurity preparedness, including a bill that would establish a chief information officer to oversee regular system updates, data maintenance and other security standards across state agencies.

“These bills will strengthen cybersecurity measures, they’ll enhance oversight and they’ll improve government responsiveness to digital threats,” Phillips-Hill said in a March video introducing the package. “We cannot afford to be reactive on cybersecurity.”

Pennsylvania faced one such threat in 2017, when a ransomware attack hit the state Senate Democratic caucus, locking lawmakers and staff out of their systems. The hackers demanded payment in a cryptocurrency amount valued at roughly $30,000, according to reporting from the time. The caucus declined at the advice of the FBI, but ultimately paid more than $700,000 to Microsoft to rebuild its system.

Members of the public can contact the attorney general’s office at 717-787-3391 or email info@attorneygeneral.gov. Complaints may be filed at Attorneygeneral.gov, but there may be processing delays.

BEFORE YOU GO… If you learned something from this article, pay it forward and contribute to Spotlight PA at spotlightpa.org/donate. Spotlight PA is funded by foundations and readers like you who are committed to accountability journalism that gets results.