Ransomware gang Qilin has just added the Town of Waxhaw, North Carolina, to its data leak site after allegedly stealing 619 GB of data.
In a statement on September 14, 2025, Waxhaw confirmed that it had suffered a cyber attack in the early hours of September 12, 2025. The incident caused system “irregularities” but it assured residents that “at no time did any life safety services cease to operate” with all emergency services being “fully operational” throughout.
At the time, Waxhaw said: “We can confirm the criminals were able to access some of the Town servers, but we do not have any confirmation that data containing personal information was taken.” Comparitech contacted Waxhaw about Qilin’s claims but was told that the initial September 14 statement was all it could provide at this moment time.
The town continues to work under normal hours but some services may be impacted.
Within its proof pack, Qilin alleges to have accessed a variety of data, including internal reports and police reports. It also uploaded a copy of a passport.
Who is Qilin?
Qilin has claimed responsibility for 130 confirmed ransomware attacks since it first originated in August 2022. 80 of these attacks took place this year with 17 targeting government organizations.
Like Waxhaw, Orleans Parish Sheriff’s Office was targeted by the group this month. This attack also caused disruption to systems (jails weren’t affected, however) and 842 GB was allegedly stolen.
Last week, Qilin came forward to claim an August 2025 attack on Spartanburg County, SC. 390 GB was allegedly stolen.
In addition to the above confirmed attacks, we are monitoring 461 unconfirmed attacks from this group this year so far — 11 are on government entities.
Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Ransomware attacks on US government agencies
Over the last month, we’ve seen an onslaught of attacks against US government organizations with 14 recorded already in August and September. Across the whole year, 61 attacks have been confirmed in total.
Other recently confirmed attacks include:
- Pennsylvania Office of Attorney General – after suffering a ransomware attack in August 2025, INC claimed this attack this week after the AG refused to meet its ransom demands. INC alleges that it has stolen 5.7 TB of data
- Maryland Department of Transportation – yesterday, Rhsyida added Maryland’s Transit Administration to its data leak site, demanding a whopping $3.4 million within seven days or it’d release stolen data
- Union County, Ohio – overnight, the county started notifying 45,487 people of a data breach following an attack in May 2025. The hackers remain unknown
All of these attacks highlight how disruptive ransomware is within the government sector–not just because of their potential to cause system encryption but in the subsequent data breaches that many of these attacks result in. Across the 61 attacks noted this year, nearly 432,000 records have been affected.
We are also monitoring 38 unconfirmed attacks claimed throughout 2025.
About the Town of Waxhaw
Waxhaw is located in Union County, South Carolina, and is situated about 20 minutes from Charlotte, North Carolina. It’s home to just under 21,700 people.
