SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Qilin ransomware gang hits US courts & agencies in renewed wave

Today

The ransomware group known as Qilin, also referred to as Agenda, has recently claimed responsibility for two significant cyberattacks targeting US government entities: the Cleveland Municipal Court in Ohio and the North Platte Natural Resources District in Nebraska. The group's activities have drawn renewed attention to the increasing threat posed by ransomware to public sector institutions across the United States.

Qilin announced its responsibility for the February 2025 attack on the Cleveland Municipal Court, which forced the court to cease operations immediately following the breach. Although services at the court were restored on March 12, almost three weeks later, they were still struggling to return to standard operations. The court has yet to confirm Qilin's claim, and an official statement regarding the potentially compromised data has not been released.

In a separate attack claimed by Qilin, the North Platte Natural Resources District fell victim in November 2024. The gang did not specify the data compromised in this incident, but urged victims to take steps to protect their identities and Social Security numbers from possible abuse. Local authorities have not commented on the group's responsibility claim or disclosed the extent of the breach.

Paul Bischoff, Consumer Privacy Advocate at Comparitech, described Qilin as a Russia-based hacking operation that began publicising its attacks in late 2022. "Qilin is a ransomware group that began claiming responsibility for attacks on its website in late 2022. Also known as Agenda, Qilin is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware," Bischoff said.

He added, "It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin's malware to launch attacks and collect ransoms."

The group's method of attack typically involves phishing emails that deliver malicious software capable of both encrypting and exfiltrating sensitive data. Qilin then demands a ransom, both for the deletion of the stolen data and for providing a decryption key to the affected organisations. "If the target doesn't pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud," Bischoff warned. "Ransomware can disrupt everything from communications to billing, payroll, and online services."

Since its emergence, Qilin has been responsible for 58 confirmed ransomware attacks worldwide, with 12 targeting government entities. The group's hit list includes municipal and health agencies, such as the city of West Haven in Connecticut, the Palau Ministry of Health and Human Services, and the town of Bedford, Massachusetts. In 2025 alone, Qilin claims 12 confirmed attacks, with 128 additional unverified claims yet to be acknowledged by the targeted organisations.

Comparitech's researchers have tracked an escalating trend in attacks on US government entities, with 92 confirmed ransomware incidents in 2024 and 14 already recorded in 2025. Ransomware attacks like those attributed to Qilin often create wide-ranging disruptions in public services, as seen in the protracted recovery experienced by the Cleveland Municipal Court.

Comparitech has also published research analysing the impacts and frequency of ransomware strikes against government bodies in the United States and worldwide, as well as a special report detailing confirmed and unconfirmed ransomware attacks in the first quarter of 2025. The findings underscore the persistent threat ransomware poses to public institutions and highlight the challenges these organisations face in defending critical data and resuming normal operations following disruptive cyberattacks.

As government entities become increasingly targeted by well-organised cybercriminal syndicates, authorities and cybersecurity experts stress the importance of investing in robust cyber defences, staff training to counter phishing attempts, and transparent post-breach communication to mitigate risks to public services and citizens' data.
