Ransomware gang says it hacked the Cleveland Municipal Court

Ransomware gang Qilin today claimed responsibility for a February 23, 2025 cyber attack on the Cleveland Municipal Court. The court immediately shut down all operations and reopened on March 12, 2025.

Now three weeks later, the court is still struggling to resume normal operations. Employees report being unable to access the internet and court computer systems. Background checks have been delayed. And the court’s official website (clevelandmunicipalcourt.org) is still down at time of writing.

The court has not verified Qilin’s claim. We do not yet know whether any personal data was breached, if the court paid a ransom, how much Qilin demanded, or how attackers breached the court’s network. Comparitech contacted city officials for comment and will update this article if they reply.

Who is Qilin?

Qilin is a ransomware group that began claiming responsibility for attacks on its website in late 2022. Also known as Agenda, Qilin is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.

The group has claimed 51 confirmed ransomware attacks since it began, compromising about 1.9 million records.

In 2025, three of Qilin’s seven confirmed attacks were on government entities, including the city of West Haven, CT and the Palau Ministry of Health and Human Services.

Qilin’s other recent confirmed attack claims include:

• Utsonomya Central Clinic in Japan notified 300,000 patients of a data breach
• Lee Enterprises says an attack disrupted many of its 70-plus newspapers
• German Bishops Conference says it was hacked
• Central Texas Orthopedics notified 90,000 people of a data breach

Qilin has claimed another 78 unconfirmed attacks in 2025 that haven’t been acknowledged by the targeted organizations.

Ransomware attacks on US government

Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, and online services.

In 2025 so far, Comparitech researchers have logged nine confirmed ransomware attacks on US government entities at federal, state, and local levels. Another 17 such attacks have been claimed by ransomware gangs but not confirmed by authorities.

Other US government entities hit by ransomware in February include:

Read more about ransomware attacks on US government here.

About the Cleveland Municipal Court

Located in downtown Cleveland, OH, the Municipal Court handles minor criminal and civil cases. Residents can normally use the website to pay for traffic fines and other violations. The court’s records are used for background checks.