Yesterday afternoon, Global ransomware gang added the Lorain County Auditor’s Office to its data leak site, giving the government organization less than 24 hours to meet its ransom demands before data is leaked. The auditor’s office suffered a cyber attack on May 27, 2025.
In a statement, it said:
The Lorain County Auditor’s Office is currently experiencing issues with some of our computer systems. This is causing some mapping layers and images to not display properly on this website. We are aware of the problem and are working to correct it.
Experts had been hired to help overcome the attack and, at the time, there wasn’t any concern over personal data theft as a lot of the information held by the office is public record.
Global ransomware group’s claim says different, as the gang alleges to be in possession of “lots of private information. Bank accounts and more.”
Lorain County Auditor’s Office hasn’t confirmed the nature of its cyber attack, whether or not a ransom was demanded/paid, and whether a data breach has occurred. Comparitech has contacted the entity for more information and will update this article if we receive a response.
It is also unclear if the breach extended further than the auditor’s office as other departments within Lorain County also started to report issues at the end of May. Several departments were closed, including the Court of Common Pleas, the General Division and Domestic Relations/Juvenile Court, and Adult Probation. The auditor’s office did state in its original statement that its digital network was separate from other departments, however.
Who is Global ransomware?
Global is a relatively new ransomware strain that first began adding victims to its data leak site last month. It has claimed 17 victims so far with this attack being the first to have been confirmed by the entity involved.
Many of its unconfirmed attacks have been on healthcare organizations and manufacturers. One of its healthcare claims was refuted by the entity involved (Epworth HealthCare in Australia) but reports suggest the group may have accessed the data via a third-party cardiologist who works at the hospitals.
Global operates as a Ransomware-as-a-Service group and, as appears to be the case with Lorain County Auditor’s Office, it sets out to encrypt systems and steal data. This doubles up its chances of securing a ransomware payment as it can bargain with its victims for access to decryption keys and to delete stolen data.
Ransomware attacks on US government organizations
So far this year, we’ve seen 38 confirmed attacks on US government entities and we are monitoring a further 37 unconfirmed attacks.
Other recently confirmed attacks include Albemarle County which was targeted by INC last month. No ransom was paid but this week INC posted Albemarle County Public Schools to its data leak site, alleging to have stolen 229 GB of data.
Also confirmed in June was:
- City of Durant, OK – another victim of INC
- Mower County, MN – hackers unknown
- Taos County, NM – Kairos claimed this attack, allegedly stealing 1.94 TB of data
- City of Green River, WY – hackers unknown
- City of Thomasville, NH – also claimed by INC with 250 GB allegedly stolen
Governments remain a key focus for ransomware gangs due to the disruption they can cause by a) crippling key systems and b) stealing sensitive data on citizens.
About Lorain County Auditor’s Office
Located in Elyria, Ohio, Lorain County Auditor’s Office is responsible for Lorain County’s finances, which includes the payroll for its 2,000+ employees. Lorain County is home to over 310,000 people.
