Over the weekend, ransomware gang Qilin claimed an attack on the City of Blaine, Minnesota. It alleged to have stolen 489 GB of data and uploaded various documents within its proof pack, including an internal investigation within the police department and documents containing personal information.
On April 18, the city confirmed it had experienced a “network security incident” earlier that week and that investigations were underway. Emergency services weren’t interrupted and city services and phone lines remained open to the public. A spokesperson for the city also said it was too early to determine whether or not personal information had been breached in the attack.
No further updates have been provided by the city and it hasn’t confirmed Qilin’s latest claims. Comparitech has contacted the city for more information into the nature of the attack, including whether or not a ransom was demanded/paid and how many people may be involved in the breach. We will update this article if we receive a response.
Who is Qilin?
Qilin is a Russia-based group, operating as a ransomware-as-a-service business in which affiliates are paid to use the group’s ransomware to launch attacks on companies to try and secure ransom payments. In recent months, attacks via Qilin have increased, coinciding with rumors that affiliates that were working with RansomHub have migrated to Qilin.
So far this year, we’ve seen 25 confirmed attacks via this group with seven of these being on government entities. All but one (Palau Ministry of Health and Human Services) were carried out on US government organizations.
This latest attack joins:
Elsewhere, Promises2Kids also confirmed late last week that it had been hit by an attack in September 2024. Qilin had claimed an attack on the non-profit organization for foster children in August 2024.
We are also tracking 178 unconfirmed attacks from this group this year so far–three of these are on government entities (two in the US and one in Ukraine).
Ransomware attacks on US government organizations
As well as those mentioned above, Iowa County and Gloucester County recently confirmed April 2025 attacks. And earlier this month, Westfield Fire District started notifying people of a November 2024 data breach following a ransomware attack via Medusa in which the group demanded $100,000.
Our recent report found that US government agencies take an average of 4.13 months to report a data breach following a ransomware attack.
Data breaches following ransomware attacks have become increasingly common as more hackers focus on data theft as well as system encryption. While it seems as though the City of Blaine was able to overcome this attack with minimal disruption to its services, it does seem likely that a breach has occurred due to the attack. In 2024 alone, nearly 2.5 million records were breached in attacks on US government entities.
We are also monitoring 27 unconfirmed attacks from this year to date.
About the City of Blaine
Blaine, Minnesota, is located north of the Twin Cities in Anoka County and is home to around 72,000 residents.
Source link
-
-
-
-
-
-
-
-
