The mayor of West Haven, Connecticut over the weekend said the city was hit by a cyber attack that forced the IT department to shut down all of its systems.
The announcement says the impacted systems were backed up and will be operational in a few days, but data might have compromised.
Ransomware gang Qilin claimed responsibility for the attack and gave the city until January 19, 2025 to pay an undisclosed amount in ransom. West Haven officials have not verified Qilin’s claim.
“Recently, the City of West Haven’s IT Department was alerted and identified an IT system security incident impacting our systems, and out of an abundance of caution, it was determined that the best course of action was to shut all systems down while we investigated further,” the mayor’s announcement says.
We do not yet know what data was compromised, if West Haven did or will pay a ransom, how much Qilin demanded, or how attackers breached the city’s systems. Comparitech contacted West Haven officials for comment and will update this article if they respond.
This is the second successful ransomware attack on West Haven. In October 2018, the city paid a $2,000 ransom to an unknown group to regain access to its systems.
Who is Qilin?
Qilin, also known as Agenda, is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Since it began posting targets to its leak site in 2022, Qilin claimed responsibility or 37 confirmed ransomware attacks compromising 1.5 million records. It claimed attacks on multiple government entities including Municipalité La Guadeloupe in Canada (April), Prefeitura de Jaboatão dos Guararapes in Brazil (July), and Município de Chaves in Portugal (November).
In June 2024, Qilin demanded $50 million from Synnovis, a UK health company. Synnovis refused to pay.
Qilin claimed another 147 unconfirmed attacks in 2024 that haven’t been acknowledged by targets.
Ransomware attacks on US government
Ransomware attacks on US government agencies and departments can steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, and online services.
In 2024, Comparitech researchers logged 85 confirmed ransomware attacks on US government entities, compromising more than 1.5 million records. The average ransom across these attacks was more than $2.2 million.
Last month, we tracked attacks on Wood County, OH; the Rhode Island department of human services (RIBridges); and the Pittsburgh, PA transit authority. Wood County paid a $1.5 million ransom to an unknown attacker. Ransomware group Brain Cipher demanded $23 million from RIBridges.
About West Haven, CT
West Haven, Connecticut is a city of 55,000 people on the coast of Long Island South in New Haven County.