A ransomware group known as Global has threatened to release sensitive data stolen from the Lorain County Auditor’s Office unless a ransom is paid by today.

The cyberattack, which took place on May 27, 2025, was confirmed by the office in a brief statement noting issues with its computer systems, particularly affecting online mapping and imaging tools. At the time, officials suggested the risk to personal data was low since much of the information stored was public. However, the Global gang has since claimed it exfiltrated “lots of private information, bank accounts and more,” raising concerns about the true extent of the breach.

The Auditor’s Office has not confirmed whether data was stolen, whether a ransom was demanded or paid, or if the attack spread beyond its own network. Meanwhile, several other Lorain County departments—including courts and probation services—experienced disruptions around the same time. Though the Auditor’s Office maintains that its systems are separate, the timing has fueled speculation about a broader county-wide impact. Cybersecurity experts have reportedly been engaged to assess and mitigate the situation, but the full scope of the damage remains unclear.

Global is a relatively new ransomware group that operates under a Ransomware-as-a-Service model, using a combination of system encryption and data theft to pressure victims into payment. Since emerging last month, the gang has claimed responsibility for 17 attacks, with a growing list of targets including healthcare providers and manufacturers. The Lorain County incident is the first case confirmed by the victim. It adds to a rising trend of ransomware attacks on U.S. government entities this year, with over three dozen confirmed cases, underscoring the ongoing vulnerability of public sector infrastructure.