Ransomware gang says it hacked the Virginia Attorney General

Ransomware gang Cloak today claimed responsibility for a February 2025 cyber attack on the attorney general of Virginia.

In February, the attorney general was hit by a cyber attack that prompted officials to shut down computer systems including email, VPN, internet access, and the AG’s website, according to the Washington Post. Employees were forced to file paper documents instead of digital ones.

Cloak now lists the Virginia attorney general’s website on the group’s data leak site with a message that says, “The waiting period has expired. Compromised data can be downloaded from the leak page.”

The message implies negotiations between Cloak and the AG failed, and the AG did not pay a ransom. To prove its claim, Cloak posted images of what it says are documents stolen from the attorney general.

The Virginia attorney general has not verified Cloak’s claim. We do not yet know if the AG paid a ransom, how much Cloak demanded, what data was compromised, or how attackers breached the AG’s network. Comparitech contacted the Virginia attorney general for comment and will update this article if it replies.

Who is Cloak?

Cloak is a ransomware group that first started claiming its cyberattacks in August 2023. Its malware both steals data and locks down computer systems, forcing victims to pay a ransom or face extended downtime, data loss, and putting data subjects at increased risk of fraud.

Since it began, Cloak has claimed 13 confirmed ransomware attacks and 54 unconfirmed attacks that weren’t acknowledged by the targeted organizations. This attack on the Virginia attorney general is Cloak’s first confirmed attack in 2025.

In 2024, Cloak claimed responsibility for attacks on the town of Ponoka, Canada and the municipality of Gemeinde Kaisersbach, Germany.

Ransomware attacks on US government

Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, access to data and applications, and online services.

Comparitech researchers have logged 10 confirmed ransomware attacks on US government agencies in 2025 so far. Earlier this week, we confirmed Qilin’s attack on the Cleveland Municipal Court, which is still facing service disruptions three weeks later.

About the attorney general of Virginia

The Virginia Attorney General is an elected position currently held by Jason Miyares. Attorney generals represent the legal interests of people in their states and enforce laws.