On May 1, Qilin added Cobb County, Georgia to its dark web leak site. The ransomware gang claims to have acquired 150 GB of data and more than 400,000 files. They provided 16 image files as proof of their claims. Qilin threatens to release the data on May 3 if no payment is received. Because Cobb County already announced that it had declined to pay any ransom, it may be just a matter of time until there is a large data leak.
Cities in Cobb County include Acworth, Austell, Kennesaw, Mableton, Marietta, Powder Springs, and Smyrna. The county population was 771,952 in 2022, but because records in the leak appear to go back an as-yet undetermined number of years, many people may have had data accessed or acquired.
If Qilin’s proof of claim images were intended to prove that the threat actors acquired sensitive data, the screenshots appear to accomplish that. The image files they post include personal information on employees of the county, including the Sheriff’s Office, and files with personal information on members of the public, some of whom were charged with various crimes and some of whom may have been victims. Some images appear to be pictures taken in the morgue of deceased individuals. Their names do not appear on the images, but they would likely be recognizable to those who had known them. Their case numbers also appear in the images, which would permit cross-reference to reports and other files concerning the individual or their death.
Using simple search techniques, DataBreaches was able to locate and confirm that some of the individuals who were named in some of the screenshots do correspond to real individuals who reside in Cobb County.
DataBreaches sent an email inquiry to the county, which had previously confirmed that there had been a ransomware incident, but has yet to acknowledge or describe the scope of the attack. A statement they made on April 24 that 10 people were affected does not appear to be even the tip of any iceberg for this incident.
No reply has been received by publication, but DataBreaches will update this post when more information becomes available.