The Pennsylvania Office of Attorney General was the victim of a ransomware attack earlier this month, Spotlight PA has learned.
The attack, first reported by the office on Aug. 11 as a “cyber incident,” has impaired many functions of the agency, as some staff and prosecutors remain unable to access archived emails, files, and internal systems crucial to pursuing cases on behalf of the commonwealth.
The office confirmed the attack to Spotlight PA on Friday.
“The interruption was caused by an outsider encrypting files in an effort to force the office to make a payment to restore operations,” according to a statement shared by the office. “No payment has been made. An active investigation is ongoing with other agencies, which limits our ability to comment further on the investigation or response to the incident.”
The Office of the Attorney General is the state’s top law enforcement agency. Attorneys with the office pursue both civil and criminal cases, as well as defend the state government. They do this across a variety of courts, including county-level Common Pleas, state-level appellate courts, and federal courts.
Standing orders from Philadelphia and federal courts have postponed some cases through at least mid-September, citing an inability for attorneys with the office to contact witnesses, produce discovery, or respond to filings in a timely manner, all basic steps necessary for court cases to proceed.
On Friday, the office said, “We do not expect — based on what the investigation has revealed so far — that any criminal prosecutions or investigations or civil proceedings will be negatively impacted solely due to the outside interruption.”
“Attorneys have been going to court and agents have been performing investigative tasks over the past three weeks,” according to the office.
An Aug. 12 letter from Senior Deputy Attorney General Cara Greenhall to Philadelphia Common Pleas Judge Daniel Anders acknowledged that “Office of Attorney General staff are unable to access any litigation data.”
“IT staff are working diligently to identify and resolve the problem, but we are unable to access our computer systems for the foreseeable future,” Greenhall wrote.
In response, Anders suspended all civil trial litigation through Sept. 12. Anders also postponed criminal matters related to individuals challenging their convictions through Sept. 21.
All three federal district courts have issued similar standing orders, which will bring civil cases to a standstill for at least the next month. It remains unclear whether criminal cases are similarly affected.
The Eastern and Middle District orders refer to the incident as a “cyberattack.”
Spotlight PA was not able to immediately determine how the incident is impacting other county courts or the three state appellate courts.
In an Aug. 18 news release, Attorney General Dave Sunday acknowledged an “outside interruption” brought down the office’s website, phones, and email systems, but at the time, the office did not publicly identify a cause for the situation.
An earlier release from the agency said that “the network that hosts the Office of Attorney General’s systems is currently down, meaning the office’s website is offline, as are office email accounts and land phone lines.”
Friday’s statement said that a “majority of office staff” can access email and that the department’s main phone line and website are functional. The state’s complaint and online registration site for home improvement contractors remains down.
In the releases, Sunday called the situation “frustrating” and thanked both technology staff and law enforcement partners for “working around the clock to resolve the matter.”
“This situation has certainly tested OAG staff and prompted some modifications to our typical routines — however, we are committed to our duty and mission to protect and represent Pennsylvanians, and are confident that mission is being fulfilled,” Sunday said in the Friday statement. “You can judge the character of an organization by how it reacts to adversity. I am very proud of our staff who continue to work and find ways to overcome these unexpected hurdles to fulfill our duty to the Commonwealth.”
Spotlight PA asked Sunday’s office for further clarification on how the attack occurred and whether any sensitive information has been compromised. Friday’s statement did not answer these questions.
In response to questions from Spotlight PA, an FBI spokesperson said the agency is aware of the incident, but has “nothing further to provide.”
Pennsylvania is the latest state to have a cyber incident affect its attorney general. Earlier this year, Virginia’s state attorney general’s office was the victim of a ransomware attack that knocked nearly all its computer systems offline. In 2021, the Office of the Illinois Attorney General also suffered a cyberattack.
Earlier this year, state Sen. Kristin Phillips-Hill (R., York) introduced a slate of legislation aimed at improving Pennsylvania’s cybersecurity preparedness, including a bill that would establish a chief information officer to oversee regular system updates, data maintenance, and other security standards across state agencies.
These bills will strengthen cybersecurity measures, they’ll enhance oversight, and they’ll improve government responsiveness to digital threats,” Phillips-Hill said in a March video introducing the package. “We cannot afford to be reactive on cybersecurity.”
Pennsylvania faced one such threat in 2017, when a ransomware attack hit the state Senate Democratic caucus, locking lawmakers and staff out of their systems. The hackers demanded payment in a cryptocurrency amount valued at roughly $30,000, according to reporting from the time. The caucus declined at the advice of the FBI, but ultimately paid more than $700,000 to Microsoft to rebuild its system.
Members of the public looking to contact the attorney general’s office can call (717) 787-3391 or email info@attorneygeneral.gov. People can still file complaints at attorneygeneral.gov, but there may be processing delays.