Ransomware gang Qilin yesterday claimed responsibility for a data breach at the local government of Cobb County, Georgia.
Cobb County’s IT department on March 21, 2025 shut down the county’s servers for a week after detecting unauthorized users on its network. Several county services went down as a result, including courthouse filing, the jail database, and wi-fi access.
A month later, the county announced that it notified 10 people whose data was compromised in the breach, but did not specify what info the data contained.
Qilin on May 1 added Cobb County to its data leak site, saying it stole more than 150 GB of data. To prove its claim, the group posted sample images of what it says are documents stolen from Cobb County’s servers.
Cobb County has not verified Qilin’s claim. We do not know whether Cobb County paid a ransom, how much Qilin demanded, or how attackers breached the county’s network. Comparitech contacted Cobb County officials for comment and will update this article if they reply.
Who is Qilin?
Qilin is a ransomware gang that started claiming responsibility for attacks on its website in late 2022. Also known as Agenda, Qilin is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin claimed responsibility for 17 confirmed ransomware attacks to date in 2025, plus 161 unconfirmed claims that haven’t been acknowledged by the targeted organizations. Government entities were the target of three of those attacks:
- West Haven, CT notified 4,932 people of a January 2025 data breach claimed by Qilin
- Palau Ministry of Health and Human Services was hit by a Qilin attack in February 2025
- Cleveland Municipal Court says Qilin demanded $4 million following an attack in February 2025
Qilin attacks are on the rise, and some trends indicate that the group is taking on more affiliates migrating from RansomHub, which was the biggest ransomware gang of last year.
Ransomware attacks on US government
Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, and online services.
In 2025 so far, Comparitech researchers logged 19 confirmed ransomware attacks on US government entities, plus 26 unconfirmed claims.
In April 2025, ransomware attacks hit the Oregon Department of Environmental Quality; the Arizona Federal Public Defender’s Office; DuPage County, IL; and the Hamilton County, TN Sheriff’s Office.
About Cobb County, Georgia
Cobb County makes up part of Atlanta in the northern part of Georgia. It’s the third-most populous county in the state with more than 766,000 people.
