Cloak Ransomware Strikes Virginia AG's Office: 134GB Data Breach Sparks FBI Investigation

March 24, 2025
  • The Cloak ransomware group has claimed responsibility for a cyberattack on the Virginia Attorney General's Office that occurred in February 2025.

  • The attack came to light in mid-February, when the Attorney General's Office notified employees that most of its systems, internal services, and website were down, cutting off internet connectivity and VPN access.

  • The office shut down IT systems, including email and VPN services, and reverted to paper filings; Chief Deputy AG Steven Popps described the incident as a 'sophisticated attack.'

  • Following the breach, officials alerted the Virginia State Police, the FBI, and the Virginia Information Technologies Agency, which opened investigations to determine the source and impact of the attack.

  • On March 20, 2025, Cloak added the Virginia Attorney General's Office to its Tor-based leak site, claiming to have stolen 134GB of sensitive data and indicating that negotiations had stalled because the office refused to meet its ransom demands.

  • Initially the group published screenshots of stolen data as proof of the attack; it has since made the entire archive available for download from its leak page.

  • The Virginia Attorney General's Office has not confirmed Cloak's claims, said whether any ransom was paid, or described the compromised data.

  • Since emerging in late 2022, Cloak has targeted over one hundred organizations, primarily small and medium-sized businesses in Europe and Asia.

  • The group's operations have expanded across Asia, targeting sectors including healthcare, real estate, construction, IT, food, and manufacturing.

  • Cloak appears to be affiliated with the Good Day ransomware group. It typically gains initial access through social engineering or by buying access from initial access brokers.

  • Once inside a network, the group deploys an ARCrypter ransomware variant, derived from the leaked Babuk source code, to encrypt files.

  • Cloak runs a double-extortion model, exfiltrating data before encrypting systems, and boasts a payment rate of 91-96% among its victims.

Summary based on 3 sources



Sources


Cloak Ransomware Hits Virginia Attorney General’s Office, Disrupts IT Systems

Hackread - Latest Cybersecurity, Tech, AI, Crypto & Hacking News • Mar 24, 2025

