Ransomware gang Qilin claims cyber attack on Aiken Electric Cooperative – 4.6K+ affected

Ransomware gang Qilin has uploaded South Carolina utility company, Aiken Electric Cooperative, Inc., to its data leak site. It alleges to have stolen over 500GB of data. This follows confirmation of a cyber attack and subsequent data breach from Aiken Electric at the start of September.

In its notification, Aiken Electric stated: “On September 1, 2024, Aiken Electric detected unusual activity on our network.” Following an investigation, “Aiken Electric determined on September 18, 2024, that an unauthorized actor potentially accessed and acquired certain files and data stored within Aiken Electric’s network environment.”

So far, 4,608 people are confirmed to have been affected with the majority (4,604) being located in South Carolina. The data affected includes names, Social Security Numbers, financial information, and driver’s licenses. Aiken Electric is offering all those affected 24 months of free credit monitoring and ID theft protection via Cyberscout (TransUnion).

Aiken Electric hasn’t confirmed Qilin’s claims, whether or not a ransom was demanded/paid, or how the hackers were able to infiltrate its systems. Comparitech has contacted the Cooperative for more information and will update this article if it responds.

Who is Qilin?

Qilin, also known as Agenda, is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. Its attacks usually involve double extortion, in which Qilin demands payment to decrypt files encrypted by its ransomware, as well as a second payment in exchange for not releasing or selling stolen data. It also offers ransomware-as-a-service to third parties.

Qilin first appeared in August 2022 and, since then, we’ve tracked 29 confirmed attacks via this group. These attacks have affected over 1.4 million records in total. In this latest batch of uploads to its data leak site, Qilin also claimed an October 2024 breach on manufacturing company, Daikin Thailand (Siam Daikin Sales Co., Ltd.).

So far this year, we’ve also tracked 118 unconfirmed attacks via this group.

Ransomware attacks on US utility companies

This year, we have noted an influx of ransomware attacks on US utility companies with 12 confirmed in total (compared to 7 in 2023 and 9 in 2022). These attacks have affected 804,116 records–more than double the number noted in 2023 (324,521) and far higher than 2022’s total (1,520). This vast increase in the records affected via these ransomware attacks highlights the fact that many hackers are now carrying out double-extortion attacks.

Other recently confirmed attacks on US utility companies include Halliburton (hit by RansomHub in August 2024), OzarksGo (hit by Play in October 2024), Cucamonga Valley Water District (hit by Fog in August 2024–no ransom paid), and Rumpke Consolidated Companies, Inc. (hit by Hunters International in October 2024).

We have also noted 32 unconfirmed attacks on this sector this year so far. This includes another overnight claim from Qilin on Mount Laurel Municipal Utilities Authority.

About Aiken Electric Cooperative

Aiken Electric Cooperative is a non-profit utility company serving over 50,000 members in various counties, including Aiken, Barnwell, Calhoun, Edgefield, Greenwood, Lexington, McCormick, Orangeburg, and Saluda. It recently received federal assistance to expand its infrastructure to rural communities.