Cyber attack on Illinois Attorney General's office appears far worse than first thought

CHICAGO (WLS) -- Illinois' top law enforcement agency has been under attack now since at least April 10. A ransomware gang penetrated the Attorney General's computers and took control of countless confidential files, containing case information and personal data, essentially locking down the system office and statewide.

They are the lawyers for the state and they are having to use personal email addresses to communicate, according to court records. Some private attorneys say they are unable to access needed case files and other resources.

As the attack drags on, cyber thieves apparently are refusing ransom demands. They've already published private information according to The Record, a cybersecurity watchdog.

The Illinois Attorney General hotline gives a haunting list of the information available to criminal hackers: names, addresses, email addresses, Social Security numbers, account number information, and more.

Former Assistant US Attorney Jeff Cramer, a Chicago security expert, said the danger can't be overstated.

"That's why the breach needs to be sealed...precautions put in place, safety measures put in place going forward, so that people will feel comfortable moving forward with their case at the Illinois Attorney General's office," said Cramer.

Illinois Attorney General Kwame Raoul received a scathing report just two months before the attack. The state audit cited "weaknesses in cybersecurity programs and practices," that they hadn't performed a comprehensive formal risk assessment or classified data to establish the types of information most susceptible to attack to ensure adequate protection. It also found unidentified risk and vulnerabilities susceptible to cyber attacks and unauthorized disclosure.

In 2016, Russian hackers penetrated Illinois' election database, stealing millions of voter records. That resulted in a shoring up of the election system.

A similar rebuilding is underway in the Attorney General's office according to officials there, who said they're working with tech experts and law enforcement to understand the breach. They also confirm their ability to provide some information is limited as they restore "integrity, security and confidentiality."