Ransomware Group Behind Orleans Sheriff’s Attack Emerges

An entity has claimed responsibility for the Sept. 4 cyber attack on the Orleans Parish Sheriff’s Office. It’s not clear whether it has demanded a ransom, but leaders are working “around the clock” on a restoration.

(TNS) — A ransomware group known for hundreds of breaches, including attempts to extort governments for money, has claimed responsibility for the early September cyber attack at the Orleans Parish Sheriff's Office.

The Qilin group in a dark web post Saturday said it was behind the Sept. 4 attack, according to a screenshot viewed by a reporter. The post didn't say how much or what kind of information the group managed to hack from the 800-person agency, and neither has Sheriff Susan Hutson.

But the group leaked four documents suggesting at least some of OPSO's administrative and financial records were compromised. One was a March 2025 bank statement; another a January 2025 internal report on contraband incidents.

Neither appeared to include sensitive data often targeted in cyber attacks, like social security numbers or account passwords. The post also misidentified the agency's sheriff as "Marlin N. Guzman (sic)." OPSO's former Sheriff Marlin Gusman left office in 2022.

Either way, Qilin's decision to publish hacked documents nine days after the attack suggests the group has demanded money and is escalating matters because the agency hasn't paid, said Luke Connolly, a threat analyst with the New Zealand-based firm Emsisoft.

"Ransomware groups in general, including Qilin, can be very disruptive to their victims, applying various forms of pressure to convince the victim to pay their demanded ransom demands," Connolly said.

Qilin has been linked to nearly 900 cyber breaches across the globe since the group appeared in 2022, Connolly said, including more than 20 against local governments in the U.S. so far this year.

The group likely originates in Russia, according to a 2024 report prepared for the cybersecurity division of the U.S. Department of Health and Human Services. Qilin is known for attempting to extort its victims, and has demanded ransoms between $50,000 and $800,000.

OPSO hasn't said if Qilin has demanded a ransom, nor has the agency been willing to address other key questions about the extent of the attack. The agency "continues to work around the clock" to restore operations, OPSO said Monday.

"At this time, we are treating every computer as potentially compromised while our IT team, alongside cybersecurity partners, works to assess and restore systems," the agency said in a statement Monday.

A spokesperson for the Louisiana State Police CyberCrimes Unit, which is partnering with OPSO on its response, declined to comment Monday.

Hutson initially said her department had "isolated" the attack and that it wouldn't impact jail operations.

But within 24 hours of the 4:30 a.m. breach two weeks ago, server disruptions forced OPSO's processing staff to halt releasing detainees who had paid bail. Those releases resumed by the weekend. Since the attack, the agency has booked 288 people and released 265, OPSO said Monday.

OPSO reiterated Monday that "jail security operations have not been affected by this outage."

Meanwhile, attorneys and the public have lacked access to Docket Master, OPSO's online lookup tool for criminal cases, for more than 10 days.

OPSO said Monday that anyone who needs information on their case can contact the jail's communications staff at 504-202-9386.

©2025 The Times-Picayune | The New Orleans Advocate, Distributed by Tribune Content Agency, LLC.