
Ransomware Group Targets Virginia Attorney General’s Office

The Cloak ransomware group has publicly claimed responsibility for a cyberattack on the Virginia Attorney General’s Office (AGO) that disrupted its systems in February. The attack, which impacted nearly all of the AGO’s computer systems, internal services, applications, and website, also affected internet connectivity and VPN access, forcing employees to revert to paper-based processes for court filings.

The Attack and Its Impact

The incident came to light in mid-February when the AGO informed employees via email about the widespread system outages. While the agency refrained from publicly disclosing details about the intrusion, the Cloak ransomware group added the Virginia AGO to its Tor-based leak site on March 20. The group made allegedly stolen data available for download, suggesting that their extortion attempt was unsuccessful.

SecurityWeek reached out to the Virginia Attorney General’s Office for comment but has not yet received a response.

About the Cloak Ransomware Group

Active since late 2022, Cloak has reportedly targeted over 65 victims, though only 13 attacks have been confirmed, according to cybersecurity firm Comparitech. The Virginia AGO attack marks Cloak’s first confirmed breach in 2024.

The group is known to use an ARCrypter variant, derived from leaked Babuk ransomware code, for encryption. Cloak is believed to have ties to the Good Day ransomware group and employs social engineering tactics for initial access. Additionally, the group collaborates with initial access brokers and primarily targets small- and medium-sized businesses in Europe and Asia.

The Broader Threat of Ransomware

The Virginia AGO attack underscores the growing threat posed by ransomware groups, particularly those targeting government agencies and critical infrastructure. While Cloak’s extortion attempt appears to have failed in this instance, the incident highlights the need for robust cybersecurity measures to protect sensitive data and maintain operational continuity.

As ransomware attacks continue to evolve, organizations must prioritize proactive defense strategies, including employee training, regular system updates, and advanced threat detection tools, to mitigate risks and respond effectively to potential breaches.

Leznitofficial
https://leznit.com
