In March 2025, Cobb County, Georgia, became the target of a significant ransomware attack orchestrated by the Russian-speaking cybercriminal group known as Qilin. This breach resulted in the compromise of approximately 150 gigabytes of sensitive data, encompassing over 400,000 files. The stolen information reportedly includes autopsy photographs, Social Security numbers, driver's license images, and internal government documents.
FOX 5 Atlanta
The Attack and Its Implications
The cyberattack led to noticeable disruptions in county services, prompting officials to take systems offline temporarily. Qilin, operating under a ransomware-as-a-service model, demanded a ransom to prevent the public release of the stolen data. To demonstrate the severity of the breach, the group released 16 sample images on the dark web, which included sensitive personal information.
FOX 5 Atlanta
Cobb County officials have confirmed the breach but have opted not to engage with the attackers' demands. In a public statement, the county emphasized its stance against supporting criminal enterprises, stating, "We refuse to support or enable criminal enterprises, even when faced with difficult choices".
FOX 5 Atlanta, https://www.atlantanewsfirst.com
Expert Insights
Rick Hudson, Chief Technology Officer at Critical Path Security, highlighted the aggressive nature of Qilin, noting their history of following through on threats to release data. He advised that individuals who have interacted with Cobb County's government in recent years should take proactive measures to protect their personal information, including freezing credit, changing passwords, and enabling two-factor authentication.
Broader Context
This incident is part of a growing trend of cyberattacks targeting local governments, which often operate with limited cybersecurity resources. The attack on Cobb County underscores the vulnerabilities present in municipal systems and the need for enhanced cybersecurity measures across all levels of government.
Protective Measures for Residents
In response to the breach, Cobb County is offering credit monitoring and identity theft protection to affected individuals. Residents are encouraged to:
- Monitor financial accounts for unusual activity.
- Change passwords and enable two-factor authentication on sensitive accounts.
- Be vigilant against phishing attempts and other suspicious communications.
https://www.atlantanewsfirst.com, East Cobb News
The county assures that its network has been secured and that it remains safe to conduct business with county departments. The investigation into the breach is ongoing, with law enforcement agencies involved in tracking the perpetrators and preventing further data dissemination.
https://www.atlantanewsfirst.com, East Cobb News
Conclusion
The ransomware attack on Cobb County serves as a stark reminder of the persistent threats facing governmental cybersecurity. It highlights the importance of robust security protocols, regular system audits, and public awareness in safeguarding sensitive information.