By Michael Tanenbaum

Copyright phillyvoice

A global cybercrime group known for ransomware attacks has claimed to be behind the August data breach that disrupted operations at the Pennsylvania Office of Attorney General and forced ongoing delays to criminal and civil cases.

Inc, an extortion group known to target health care, education and government entities, posted what it claims are sample documents stolen from the attorney general’s office on its own data leak website to take credit for the breach, HackReads reported Tuesday. Cybersecurity research firm Comparitech told the technology website that Inc claims to have stolen 5.7 terabytes of data from the state’s top law enforcement agency.

MORE: Estate that was George Washington’s headquarters during Revolutionary War hits market for $3.3 million

Pennsylvania Attorney General Dave Sunday announced the data breach on Aug. 18, saying the cyberattack on the office’s computer network and servers began Aug. 11. The office’s website, email and phone service were knocked offline but were mostly restored in the days and weeks after the breach.

Ransomware attacks use malicious software to gain access to sensitive information that can be stolen or locked until the target agrees to pay a ransom. Inc first appeared in July 2023 and became notorious for spear-phishing attacks, which use fake emails to get people to click on bad links that contain malware.

Inc has claimed responsibility for more than 450 cyberattacks, including several against large health care organizations and one in June that shut down internet service at Albemarle County’s offices in Virginia. The county said the breach may have exposed sensitive data but denied making any ransom payments.

The Pennsylvania Office of Attorney General and the FBI’s Philadelphia field office declined to comment on the investigation and Inc’s possible role in the cyberattack.

In a statement on Sept. 17, Sunday’s office said it has not made any ransom payments. The office said it notified “a few individuals” that their information may have been involved, but did not share details about the data that may have been compromised.

The attorney general’s office employs about 1,200 people in 17 offices across the state. Sunday said some employees had to do work “via alternate channels and methods” as a result of the cyberattack.

After the breach was announced, the attorney general’s office requested a 30-day a pause on all civil and criminal litigation from the state. In a letter to the Philadelphia Court of Common Pleas the day after the attack, the attorney general’s office said it could not proceed with litigation.

“Office of Attorney General staff are unable to access any litigation data, which prevents our attorneys from contacting witnesses, timely responding to pleadings, conducting discovery, or otherwise proceeding with litigation,” the letter said. “IT staff are working diligently to identify and resolve the problem, but we are unable to access our computer systems for the foreseeable future.”

The pause on cases in Philadelphia’s state court was extended another 30 days. In the Eastern District of Pennsylvania, the state’s federal court that covers Philadelphia, a pause on cases involving the attorney general’s office will continue until Oct. 2.

In another statement in late August, Sunday said his office was working hard to bounce back from the disruption. He said the attorney general’s office will continue to provide updates on the investigation.

“This situation has certainly tested OAG staff and prompted some modifications to our typical routines — however, we are committed to our duty and mission to protect and represent Pennsylvanians, and are confident that mission is being fulfilled,” Sunday said.