Ransomware attack targets sheriff’s office

The Hamilton County Sheriff’s Office was hit by a ransomware attack, allegedly by the Qilin gang, disrupting operations and exposing sensitive data.

13-05-2025 - 4 minute read. Posted in: cybercrime.

Ransomware attack disrupts Hamilton County Sheriff’s Office

A ransomware attack has disrupted operations at the Hamilton County Sheriff’s Office in Tennessee. The attack, which appears to have been carried out by the Qilin ransomware gang, affected internal systems and prompted a swift response from authorities and cybersecurity experts.

Criminal gang claims responsibility

The Qilin ransomware group has claimed responsibility for the attack. On its dark web leak site, the group published alleged documents and internal files belonging to the sheriff’s office as proof of the breach. As of now, no ransom amount has been confirmed, and officials have not commented on whether any negotiations are ongoing.

Qilin is a ransomware-as-a-service (RaaS) operation that typically uses double extortion tactics. This means a victim's data is not only encrypted; the attackers also threaten to expose it publicly unless a payment is made.

Who is the Qilin ransomware gang?

Qilin, known in some earlier attacks under the name Agenda, is a financially driven cybercriminal group believed to operate from Russian-speaking regions. It provides its ransomware tools to affiliates who carry out attacks and share profits with the core group.

The gang has targeted sectors including healthcare, education, manufacturing, and government. Its attacks usually involve stealing sensitive data and then encrypting systems to pressure victims into paying.

What distinguishes Qilin is the way its malware can be tailored to specific victims. Affiliates receive instructions on exploiting vulnerabilities, moving through networks, and disabling security tools, which suggests a high level of coordination and technical capability.

Healthcare remains a prime target

Healthcare organisations are among Qilin’s preferred targets. The sector is especially vulnerable due to outdated infrastructure, limited cybersecurity resources, and the critical nature of its services. The theft or encryption of sensitive medical data can have life-threatening consequences and make organisations more likely to pay ransoms.

Recent incidents have shown how widespread and damaging these attacks can be. In one case, a US blood center was hit by a cyberattack, disrupting life-saving medical logistics. Similarly, what is considered healthcare's biggest data breach in history exposed the personal data of millions of patients. Even major tech providers serving the sector are affected, as seen when the FBI launched an investigation into a data breach at Oracle, a company with extensive ties to healthcare infrastructure.

These examples underscore the urgent need for improved cyber resilience across the healthcare industry.

Operational impact and recovery efforts

According to local outlet WDEF, the sheriff’s office first reported technical issues on April 30. The office’s website was taken offline, and several internal systems used for daily operations were affected.

Sheriff Austin Garrett later confirmed that recovery efforts were underway in cooperation with state and federal partners. Manual systems and backup protocols have been activated to keep essential services running, including emergency response and communications.

By early May, the office’s website was restored. However, investigations into the breach are still ongoing.

A growing threat to law enforcement

This case is part of a concerning trend where ransomware groups target law enforcement agencies and government bodies. Such attacks can compromise sensitive information, delay emergency response times, and weaken public trust in institutions.

Many public organisations still operate on outdated systems that lack modern cybersecurity protections. The Hamilton County incident highlights the urgent need for investment in digital security infrastructure and training.

The importance of transparency

Sheriff Garrett’s team has been open about the attack, issuing timely updates to the public. Transparency helps build trust, reduces speculation, and fosters cooperation with national cybersecurity authorities.

However, security experts warn that sharing too many details too early can be risky. It may give attackers an advantage or interfere with digital forensics.

Ransomware remains a top concern

The Hamilton County attack is a reminder that ransomware continues to pose one of the most serious threats in the cyber landscape. While government agencies rarely pay ransoms, the consequences of these attacks are still significant.

Strong cybersecurity practices such as network segmentation, multi-factor authentication, and real-time threat detection remain essential. As ransomware groups become more aggressive and sophisticated, the need for proactive defence measures becomes even more critical.

Author Sarah Krarup

Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.