Cloak Ransomware Hits Virginia Attorney General’s Office, Disrupts It Systems

A cybercriminal collective, known arsenic Cloak, has confirmed its engagement successful an onslaught targeting nan Virginia lawyer general’s agency successful February 2025. This onslaught has reportedly caused disruption, compelling officials to enact emergency measures.

Chief Deputy Attorney General Steven Popps communicated to unit via email that nan mostly of nan office’s IT resources, which included captious systems specified arsenic email, virtual backstage web access, net connectivity, and nan lawyer general’s website were rendered inoperative, arsenic reported by nan Washington Post.

The disruption besides forced labor to revert to accepted paper-based archiving processes. In response, nan lawyer general’s agency promptly notified nan Virginia State Police, nan Federal Bureau of Investigation (FBI), and nan Virginia Information Technologies Agency, and investigations were initiated into nan incident.

On 20 March, Cloak publically listed nan Virginia lawyer general’s website connected their Tor-based information leak platform, accompanied by a connection stating, “The waiting play has expired. Compromised information tin beryllium downloaded from nan leak page.”

This connection suggests that negotiations betwixt nan ransomware group and nan lawyer general’s agency person reached a deadlock, pinch nan second refusing to meet nan ransom demands. Cloak has released images alleged to beryllium documents stolen from nan lawyer general’s systems to substantiate their claims.  

However, nan Virginia lawyer general’s agency has yet to officially admit aliases corroborate Cloak’s claims. At this stage, captious specifications stay undisclosed, including whether a ransom was paid, nan magnitude demanded by Cloak, nan quality and grade of nan compromised data, and nan circumstantial methods utilized by nan attackers to breach nan lawyer general’s network. We are besides awaiting nan charismatic consequence from nan lawyer general’s agency regarding nan latest development.

For your information, Cloak is simply a ransomware group that emerged successful 2022 and gained prominence successful 2023. The group chiefly targets mini to medium-sized businesses successful Europe and Asia, peculiarly Germany. It besides employs malware designed to some exfiltrate information and encrypt machine systems, thereby compelling victims to salary a ransom.

Victims who garbage to salary look their stolen information published connected Cloak’s information leak tract for free download. The group’s costs complaint is amazingly precocious astatine 91-96%, showing really efficaciously it forces its victims.

Cloak Ransom Note (Source: Halcyonai)

Since its emergence, Cloak has claimed work for 13 confirmed ransomware attacks, including attacks connected nan Canadian municipality of Ponoka and nan German municipality of Gemeinde Kaisersbach successful 2024, and 54 unconfirmed attacks (where targeted organizations did not admit nan intrusions). The onslaught connected nan Virginia lawyer wide marks Cloak’s first confirmed cognition successful 2025.