Nearly three weeks after a ransomware attack brought down critical systems at the Pennsylvania Office of Attorney General (OAG), the agency continues to recover, with uncertainty still surrounding what data may have been compromised. Attorney General Dave Sunday confirmed in a recent update that “substantial progress” has been made toward restoration, though full resolution remains out of reach.
The attack forced approximately 1,200 staff members across 17 home offices to adopt major workarounds in order to maintain daily operations. Systems taken offline included the OAG’s website, internal email, and staff phone lines, leaving employees to rely on alternate methods to carry out essential work.
Attackers Encrypted Files and Demanded Payment, But No Ransom Has Been Paid
In his latest statement, Sunday disclosed that the attack stemmed from “an outsider encrypting files in an effort to force the office to make a payment to restore operations.” He stressed that the agency has not complied with the attackers’ demands.
“This situation has certainly tested OAG staff and prompted some modifications to our typical routines,” Sunday said.
Despite the widespread disruption, Sunday emphasized that staff attorneys and investigators have remained able to appear in court and carry out duties. Courts have granted extensions in certain criminal and civil cases, but officials insist that no prosecutions or investigations have been derailed.
Court Case Delays Highlight Ripple Effects of the Ransomware Incident
Although no cases have been dropped, the ransomware attack has forced some courts to issue delays. Legal proceedings dependent on timely access to electronic filings have been slowed, underscoring the reliance of judicial systems on digital platforms.
Even so, the Attorney General’s office has reassured the public that critical legal functions remain intact. The agency noted that complaints from Pennsylvanians are still being received and that communication with local, state, and federal partner agencies continues without interruption.
Extent of Data Accessed or Stolen Remains a Mystery
One of the most pressing unanswered questions is whether attackers accessed sensitive data during the incident. To date, the OAG has not disclosed the type or amount of data that may have been exposed.
The lack of clarity raises concerns that confidential information—such as court filings, investigative materials, or witness identities—could have been compromised. Officials have not explained how the attackers breached the network, nor whether weaknesses in security controls contributed to the intrusion.
Sensitive Files Pose High-Value Targets for Threat Actors
The potential exposure of confidential case files highlights a broader trend of justice agencies facing cyber threats. U.S. Federal Courts recently warned that documents held by court systems—including sealed filings and details of witnesses or confidential informants—are attractive targets for cybercriminals and nation-state actors.
Earlier this year, the U.S. Federal Court system and the Netherlands-based International Criminal Court (ICC) both confirmed cyber incidents that raised similar concerns. The Pennsylvania OAG attack now adds another example of how legal institutions remain at risk from ransomware operations.
Attorney General’s Office Stresses Resilience Despite Ongoing Challenges
In updates posted to Facebook and other public channels, Attorney General Sunday reassured citizens that teams are working “around the clock” to restore systems.
“This is a frustrating situation, and everyone is doing their very best,” he said, adding that IT staff were “diligently working around the clock to resolve the matter.”
He further pledged: “We will continue to do the work of protecting Pennsylvanians no matter the obstacle.”
The OAG also noted that it is working to help other agencies avoid similar scenarios, signaling that the breach may have broader implications for state government systems housed within Harrisburg.
While officials have ruled out any disruption to criminal prosecutions or investigations, the long-term implications for Pennsylvania’s Attorney General’s office remain unclear. The ransomware group behind the attack has not been named, nor have details been provided on whether negotiations took place before the decision not to pay ransom.
The lack of visibility into what data may have been exposed leaves open questions for court systems, government offices, and Pennsylvania residents alike. For now, recovery continues, with the OAG promising additional updates as investigations proceed.
