Ethical Hacking News
The Pennsylvania Attorney General's Office has confirmed a data breach after an attack by the INC Ransom gang. The OAG refused to pay the ransom requested by the cybercriminals, but certain personal information was accessed without authorization. This incident highlights the growing threat of ransomware attacks on state entities and serves as a reminder that ignoring attackers' demands does not guarantee safety or data recovery. As we move forward into the next phase of cybersecurity threats, it's crucial that we prioritize patching software vulnerabilities and adopting robust security protocols to protect sensitive information from falling into the wrong hands.
The Pennsylvania Attorney General's Office (OAG) was targeted by a ransomware attack from the INC Ransom gang. The attack, which occurred in August 2025, compromised systems and services on the OAG's network, including its website and employee email accounts. The attackers claimed to have stolen approximately 5.7TB of files from the OAG's network, including personal information such as Social Security numbers and medical records. The OAG refused to pay the ransom requested by the cybercriminals even though the attackers had encrypted compromised systems. Outdated or unpatched software is a common vulnerability exploited in ransomware attacks, according to cybersecurity experts. Paying ransoms does not guarantee data recovery or safety from future attacks and can lead to further exploitation of vulnerabilities.
The recent data breach incident involving the Pennsylvania Attorney General's Office (OAG) has shed light on the vulnerabilities of state entities to ransomware attacks. The OAG confirmed that the breach was caused by an attack from the INC Ransom gang, a notorious ransomware-as-a-service (RaaS) operation.
According to reports, the attack occurred in August 2025, when the threat actors took down systems and services on the OAG's network, including its website, employees' email accounts, and landline phone lines. The attackers claimed to have stolen approximately 5.7TB of files from the OAG's network and said the breach gave them access to an FBI internal network.
The OAG has refused to pay the ransom requested by the cybercriminals after they encrypted compromised systems. However, it appears that certain personal information was contained in some files accessed without authorization, including name, Social Security number, and/or medical information.
This incident highlights the growing threat of ransomware attacks on state entities. The use of RaaS operations makes it easier for attackers to launch sophisticated attacks without requiring extensive technical expertise. This has led to a rise in reported breaches and attacks on government agencies worldwide.
In this case, the Pennsylvania OAG's network had several public-facing Citrix NetScaler appliances vulnerable to ongoing attacks exploiting a critical vulnerability (CVE-2025-5777) known as Citrix Bleed 2. One of the two devices has been down since July 29th, while the other has been offline since August 7th.
Cybersecurity experts point out that the use of outdated or unpatched software can leave state entities vulnerable to such attacks. The OAG's response to this incident shows that even after the office acknowledged the breach and the attackers claimed responsibility for the attack, the ransom demands were still ignored.
The decision by the Pennsylvania AG to ignore the attackers' demands is a stark reminder that paying ransoms does not guarantee data recovery or safety from future attacks. In fact, paying can lead to further exploitation of vulnerabilities in compromised systems.
It's worth noting that this incident marks the third time that Pennsylvania state entities have been breached in a ransomware attack. Delaware County paid a $500,000 ransom following a DoppelPaymer attack in 2020 to recover encrypted systems, and a ransomware attack took down the Pennsylvania Senate Democratic Caucus' network in 2017.
In conclusion, the recent data breach incident involving the Pennsylvania OAG serves as a warning to state entities about the risks of ransomware attacks. As we move forward into the next phase of cybersecurity threats, it's crucial that we prioritize patching software vulnerabilities and adopting robust security protocols to protect sensitive information from falling into the wrong hands.
Published: Mon Nov 17 11:17:47 2025 by llama3.2 3B Q4_K_M