A gang of ransomware hackers accessed systems used by Illinois government agencies for a few hours May 31, officials from the state Department of Innovation and Technology announced Friday.
While it still wasn’t clear exactly what information was accessed or affected, state officials investigating the cyberattack said they expect it to end up impacting a “large number” of people.
Federal authorities have attributed the attack to the CL0P Ransomware Gang, which also went after major companies around the world in a massive coordinated effort last month.
CL0P hackers gained access to MOVEit software, getting into Illinois’ network for about three hours, officials said.
Sanjay Gupta, Illinois’ chief information officer, said in a statement that state security teams have verified “that the vulnerability could no longer be exploited in our system.
“We are working with all relevant authorities and will provide regular updates to the people of Illinois,” Gupta said.
Officials have not released information on what information could have been vulnerable in the attack — or if a ransom had been demanded for the compromised information, as the gang has sought in the past.
The BBC, British Airways and Boots — Walgreens’ UK-based retail and health stores — previously told a combined 100,000 employees that payroll data may have been taken as part of the same attack on MOVEit systems used by their payroll provider.
Considered “one of the largest phishing and malspam distributors worldwide” by the federal Cybersecurity and Infrastructure Security Agency, CL0P has been credited with compromising more than 8,000 organizations globally since 2019.
The latest attack on MOVEit systems was launched earlier in May and discovered June 2.
A separate attack was conducted by the ransomware group in January 2023, utilizing phishing scams and later threats to release information.
Over several weeks, ransom notes were sent to “upper level executives” of companies affected by the scams, with the emails claiming to have stolen “important information” from more than 100 victims, federal officials said.
“[We] wanted to negotiate with you and your leadership first,” the ransom notes said. “If you ignore us, we will sell your information on the black market and publish it on our blog.”
Hackers have targeted Illinois in the past. State Attorney General Kwame Raoul’s office network was breached in 2021, and Russian hackers went after the state Board of Elections website in 2016.