Ransomware gang Rhysida today took credit for a cyber attack on the Cleveland County Sheriff’s Office in Oklahoma.
The sheriff’s office on November 20 disclosed a ransomware attack impacted parts of its internal computer system.
Rhysida says it stole data from the sheriff’s office during the attack. It’s now demanding 9 bitcoin in ransom, worth about $787,000 at time of writing, within the next 7 days. To prove its claim, Rhysida posted sample images of what it says are documents stolen from the sheriff’s office. They include Social Security cards, criminal background checks, booking reports, mugshots, court filings, and medical records.
The Cleveland County Sheriff’s Office has not verified Rhysida’s claim. We do not know what data was compromised, how many people might be affected, how attackers breached the CCSO’s network, or if the CCSO did or will pay a ransom. Comparitech contacted the Cleveland County Sheriff’s Office for comment and will update this article if it replies.
“The Cleveland County Sheriff’s Office was recently impacted by a ransomware attack affecting parts of our internal computer system,” says a November 20, 2025 Facebook post that has since been removed.
“There is no interruption to public safety services. Deputies are responding to calls, 911 is fully operational, and our daily operations continue. County IT, which manages the county’s network, is actively working to resolve the issue. We are still assessing the full scope of the incident and will share updates as more information becomes available.”
Who is Rhysida?
Rhysida is a ransomware group that first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected systems. Rhysida operates a ransomware-as-a-service business in which affiliates pay Rhysida to use its malware and infrastructure to launch attacks and collect ransoms.
Rhysida has claimed responsibility for 246 ransomware attacks, 96 of which were confirmed by the targeted organizations. The Cleveland County Sheriff isn’t the only government department or agency Rhysida has breached. This year the group also hacked the Oregon Department of Environmental Quality and the Maryland Department of Transportation. Rhysida demanded $2.6 million from the former and $3.4 million from the latter, but both departments said they didn’t pay up.
Ransomware attacks on US government
Comparitech researchers have logged 72 confirmed ransomware attacks on US government entities in 2025 to date. Those attacks compromised nearly 450,000 records and came with an average ransom demand of $1.18 million.
The largest such breach was reported by the Pierce County Library System in Washington, which notified about 337,000 people of an April 2025 breach claimed by Inc. The largest ransom demand came from Qilin, which wanted $4 million after it hacked the Cleveland, OH Municipal Court in February 2025.
Last month, the Georgia Superior Court Clerk’s Cooperative Authority said it refused to pay a $400,000 ransom to Devman, which claimed to have stolen 500 GB of data from the agency.
The village of Golf Manor in Ohio also reported a ransomware attack last month.
About the Cleveland County Sheriff’s Office
The Cleveland County Sheriff’s Office is the chief law enforcement agency in Cleveland County, Oklahoma, just south of Oklahoma City. It employs roughly 200 people and serves a population of about 280,000, according to external sources. The current sheriff is Chris Amason.