The IT Nerd

Ransomware group Qilin today claimed responsibility for the early February cyberattack on Lee Enterprises which disrupted many of the company’s 70-plus newspapers and other publications. Qilin claims it stole 350 GB of data including investor records, financial arrangements, funding info, and more. 

Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote in a blog post that was published today:

“Qilin, also known as Agenda, is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.”

“Since it started, Qilin has claimed 47 confirmed ransomware attacks compromising 1.5 million records. Also in 2025, Qilin has claimed responsibility for breaches at the city of West Haven, CT; the German Bishop’s Conference; and the Palau Ministry of Health and Human services.”

“Qilin claimed another 56 unconfirmed attacks so far this year that haven’t been acknowledged by the targeted organizations.”

I highly recommend reading the blog post as it really goes into the weeds about who this group is and other details about this cyberattack. It’s worth the ten minutes or so that you’ll be investing in reading this blog post.

For the fourth day in a row, the Cleveland Municipal Court has posted a statement on its Facebook page that it is still closed due to a cybersecurity incident. 

  “As a precautionary measure, the Court has shut down the affected systems while we focus on securing and restoring services safely. 

  “These systems will remain offline until we have a better understanding of the situation.

  “All internal systems and software platforms will be shut down until further notice. 

  “The Cleveland Municipal Court will be closed on Thursday, February 27, 2025, except for essential staff and normal business will not be conducted with the public,” the social media page post reads for the fourth day in a row.

This comes on the heels of officials in Anne Arundel County, Maryland, which is home to more than half a million people, operating with limited internet access after a weekend cyberattack prompted the county to shut down operations and close offices on Monday forcing non-emergency government employees to work remotely.

Although offices reopened Tuesday, officials said they were taking a “proactive approach” until they’re able to safely restore operations and eligible employees were encouraged to work remotely due to potential internet connectivity issues.

Emily Phelps, Director, Cyware had this to say:

  “Disruptions like these underscore the critical need for robust threat intelligence and response strategies. Cyber incidents can happen to any organization, and swift action to contain and mitigate damage is essential. However, reactive measures alone aren’t enough—having the right intelligence to anticipate and prevent threats before they escalate is just as crucial. As attacks continue to disrupt municipal services, it’s clear that cybersecurity resilience isn’t just about response but about proactively managing risks through intelligence-driven security operations. Public sector organizations, often targeted due to their essential services and sensitive data, must prioritize threat visibility and collaboration to stay ahead of adversaries. A well-integrated approach to threat intelligence can help prevent extended shutdowns and ensure continuity of critical operations.”

Attacks like these are becoming more and more disruptive. That can be very costly and not just from a dollars and cents perspective. Which is why there needs to be a focus on doing everything possible to not get pwned in the first place.