ABILENE, Texas — New details have been released following the cyberattack on the City of Abilene that happened mid-April.
While the City is still working to replace all of its equipment, tech officials said there is no evidence as of May 28 that any confidential data was leaked on the dark web.
According to the news release from the City, servers were unresponsive around 4 a.m. and the whole network was shut down around 7 a.m. after the City’s information technology department determined the computer systems were compromised.
The suspected hacking group, Qilin, compromised the City’s network and accessed administrative credentials and attempted to uninstall antivirus software, according to Troy Swanson, Director of Information Technology for the City of Abilene.
The group demanded the City pay a random by May 27 to restore the stolen 477 gigabytes of data. However, the City determined not to pay the ransom.
Communication has occurred with the suspect hacking group claiming responsibility to ascertain the nature of the information taken. However, the City determined it will not aid or abet the perpetrators otherwise, and will not pay the ransom.
RELATED | Abilene faces potential data leak as ransom deadline arrives without payment expected
Swanson said they are working to replace all of the network infrastructure including servers, storage, as well as desktops and laptops. By replacing all of this equipment, Swanson said it will create a new cyber secure environment.
“Our main push is to get desktops and laptops back in the employees’ hands so they can continue to perform their functions,” he said. “In many cases, there have been stopgap measures or interim measures to perform work, but we have many time-bound and funding-bound business practices that we are standing back up, and we’ve been relatively successful at that.”
Swanson said residents and employees should expect most of the City’s daily functions to be restored soon.
RELATED | Russian group ‘Qilin’ demands ransom by next week, City of Abilene refuses to pay
Mike Perry, Director of the City’s Office of Professional Standards, said when threat actors attack a network, they encrypt data so it’s hidden from the owner and then ask for a ransom to unencrypt and recover the data.
Before taking this role with the City, Perry was Assistant Chief of Police in Abilene for 12 years and said the City was not going to “bow down to a criminal organization.”
The City said paying the ransom would not have guaranteed the data would be recovered or that the organization would not sell it on the Dark Web anyway. However, Perry said there is not any evidence the data has been shared as of late May.
“As of May 28, 2025, there is no indication the City’s information has been misused by the threat actors…,” Director of the City’s Office of Professional Standards, Mike Perry, said. “There also is no evidence that residents’ information has been used or released by the hacking group…”
Perry said the incident is still under investigation and the exact information taken by the hackers is unclear but the amount seems to be relatively small compared to the City’s overall storage capacity.
“We’re currently in this pattern of waiting to see if and when they’re going to publish the data,” Perry said. “There’s not a lot more dialog to be had because we’ve told them we’re not going to pay the ransom.”
Officials recommend City employees and local residents to actively monitor their credit cards and other accounts as it’s important to watch out for potential data breaches.
RELATED | Abilene community concerned about cyber attack as city announces they will not pay ransom
Perry recommends looking into free credit monitoring services such as Equifax, Experian, and TransUnion. He also recommends routinely updating passwords and making sure they’re unique.
“If you’re not monitoring your accounts, if you’re not monitoring credit, you’re behind the times, because it’s going to sting you,” he said.
According to the City, there were over 500 reported ransomware attacks on U.S. government entities between 2018 and 2024.
