A ransomware gang hacked the Gloucester County, VA local government

Ransomware gang BlackSuit today claimed responsibility for an April 2025 data breach of the Gloucester County, Virginia local government.

Gloucester County officials first announced their offices experienced a network disruption on April 22. A day later, it said connectivity issues limited staff access to emails and disrupted operations.

County officials have not verified BlackSuit’s claim. We do not know if the county did or will pay a ransom, how much BlackSuit demanded, what data might be compromised, or how attackers breached the county’s network.

In response to Comparitech’s questions, county administrator Carol Steele gave the following statement:

“Gloucester County, Virginia, is continuing to investigate a cybersecurity incident that impacted our organization on April 21. Upon discovery, we immediately launched an investigation and engaged leading outside cybersecurity experts to assess the scope and impact. Fortunately, our critical operations were never impacted.

We were notified today that data from our systems has been posted to the dark web, a part of the internet known for its criminal activity. We are working closely with local and state law enforcement on this matter.

With our cybersecurity experts, we are reviewing that data and commit to being transparent about whether it involves the personal information of our constituents and/or employees. This review process is typical following such an incident and will take several days. If we find that personal information has been exposed, we will notify those individuals as quickly as possible to provide guidance and credit monitoring services.

We understand the trust that our community has placed in our organization, and we will honor it through clear and open communication about the impact of this situation.”

Who is BlackSuit?

BlackSuit is a ransomware gang that first emerged in April 2023. It has a history of attacking critical industries like healthcare, government, and education. It’s a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims both for the decryption key to restore attacked systems and in exchange for not selling or publishing stolen data.

Since it started, BlackSuit has claimed responsibility for 66 confirmed ransomware attacks, compromising more than 2.8 million records. Anther 108 unconfirmed claims haven’t been acknowledged by the targeted organizations.

Other recently confirmed BlackSuit attacks include:

• Neighbors Credit Union notified more than 4,000 people of a September 2024 data breach
• Orangeville, Canada reported a cyber attack in February 2025

In similar attacks on local governments, BlackSuit claimed responsibility for hacking Cullman County, Alabama; Cedar Fall, Iowa; and the Kansas City, Kansas police department.

Ransomware gangs on US government

In 2025 to date, Comparitech researchers have logged 21 confirmed ransomware attacks on US government entities.

Last month, we recorded attacks on the Oregon Department of Environmental Health; the Arizona Public Defender’s Office; the Hamilton County, TN Sherriff’s Office; and Iowa County, WI.

It takes government entities an average of four months to notify victims of a data breach, according to our analysis.

Ransomware attacks on US government agencies and departments can steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, and online services.

About Gloucester County, Virginia

Gloucester County is home to about 39,000 people near Chesapeake Bay, Virginia.