Ransomware gang says it hacked the Sheriff of Hamilton County, TN

Ransomware gang Qilin this week claimed responsibility for an April 14, 2025 cyber attack on the Hamilton County Sheriff’s Office in Chattanooga, TN.

The Hamilton County Sheriff’s Office in on May 2 acknowledged a ransomware attack, saying the hackers demanded $300,000 in ransom. The sheriff says HCSO did not pay the ransom, but did pay $48,000 to Vendetta, a third-party cybersecurity firm. The attack disrupted the sheriff’s office IT systems for more than two weeks, forcing officials to shut down HCSO’s website, press releases, warrant search, tip line, mugshot database, and more.

The Hamilton County Sheriff’s Office has not verified Qilin’s claim. We do yet know if any personal data was compromised, how many people are affected, or how attackers breached the sheriff’s network. Comparitech contacted the Hamilton County Sheriff’s Office for comment and will update this article if it replies.

Who is Qilin?

Qilin is a ransomware gang that started claiming responsibility for attacks on its website in late 2022. Also known as Agenda, Qilin is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.

Qilin has claimed responsibility for 65 confirmed ransomware attacks since 2022, compromising more than 2 million records. 14 of those attacks hit government agencies and departments, including:

• West Haven, CT notified 4,932 people of a January 2025 data breach
• Palau Ministry of Health and Human Services was hit in February 2025
• Cleveland Municipal Court received a $4 million ransom demand in February 2025
• Cobb County, GA notified 10 people of a breach in March 2025

Qilin made another 171 unconfirmed attack claims that haven’t been acknowledged by the targeted organizations. Three of those allegedly hit government organizations.

Ransomware attacks on US government

In 2025 so far, Comparitech researchers have logged 20 confirmed ransomware attacks on US government entities. Other such attacks from last month include:

• The Oregon Department of Environmental Quality refused to pay a $2.6 million ransom to Rhysida
• The Arizona Federal Public Defender’s Office was hit by unknown attackers
• DuPage County, IL’s local government was hit by unknown attackers

Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, data could be lost forever, and people whose data was stolen are put at greater risk of fraud.

According to our data, it takes an average of 19.5 days for government organizations to recover from ransomware attacks.

About Hamilton County Sheriff’s Office

Hamilton County is the fourth-largest county in Tennessee by population, and its biggest city is Chattanooga. On the sheriff’s website, residents can submit tips; get accident, incident, and booking reports; schedule video visits; look up warrants; retrieve impounded cars; register as a sex offender; file restraining orders; get information about inmates; and more.