ABILENE, Texas — According to an article by Comparitech, a Russian-based ransomware group, Qilin, claims to have stolen 477 GB of data from the City of Abilene, with a demanded ransom that has to be paid by May 27.
On April 18, the city was impacted by a cyberattack that caused multiple departments, including the city’s public transport system, CityLink, to be taken offline.
RELATED | Cyber incident disrupts CityLink communication, leaving Abilene residents without a ride
The cyber attack on the city of Abilene is still an issue.
We spoke to a technology journalist who says the city has until May 27 to pay a ransom.
According to comparitech.com, a ransomware gang called Qilin claimed responsibility for the cyber attack on the city of Abilene.
The hacker group claims to have stolen 477 gigabytes of data from the city, but where it is based might surprise you.
RELATED | Cyber attacks are not just happening in Abilene but across Texas
“We think they are a Russian-based hacking group, although it is really hard to attribute some of these attacks because they go through a lot of trouble to hide who they are and their identities,” said Paul Bischoff, tech writer, privacy advocate, and vpn expert. “Most likely based out of Russia, though there a very active ransomware group this year. They have hacked seven different targets that are government entities alone, plus dozens of other attack claims on companies, schools, hospitals, and everything you can think of.”
We went to the city hall to get the latest information on the cyber attack.
While we were there, we were told that city leadership was meeting to discuss the attack and how to proceed.
The city would not go on camera to tell us what happened in the meeting, but did release a statement.
“We are able to acknowledge the Comparitech article dated May 19, 2025 in regards to the cyber incident and demands made by the ransomware group, Qilin. The City of Abilene has been working with cyber security professionals since the incident began on April 18th and, given their expert direction along with adherence to the City’s organizational values and standards, determined the payment of any kind of ransom to criminal entities of this sort would not take place. At this time the City is still limited in its ability to comment on the incident as the investigation continues and discovery efforts follow. The City of Abilene understands various aspects of functionality across several departments and services has been affected by the network outage that followed the cyber incident, and we sincerely apologize for the frustration and disruption this has caused. Our employees are working diligently to serve our community, with all essential needs like emergency response, water, and solid waste continuing operations throughout this time. We greatly appreciate everyone’s patience and understanding. As stated previously, we look forward to sharing more information on the cyber incident as soon as the investigation concludes and we are able to do so.”
The tech writer with Comparitech wrote the article about who claimed to execute the cyber attack and told us how the data may have been hacked.
“So we don’t know that exactly because the Abilene government hasn’t shared that information, and in fact, it is very rare that any hacked organization will share that information,” said Paul Bischoff, tech writer, privacy advocate, and vpn expert. “They don’t want to invite further attacks but we do know that Qilin usually attacks their targets through phishing so that means they are gonna send emails or text messages or soemthing to people to try trick them into clicking a link where they enter some log in information or payment information something that gives them access to the governments local network or private network. Once they’re in, they plant their malware, it starts to spread, it starts encrypting files, it starts stealing data and sending it back to Qilin. Then they demand a ransom to restore the systems back to the way they were, to delete the data that they stole.”
The hacker group Qilin posted sample files of what they stole from Abilene.
The items include sensitive information that could be used to commit further crimes.
The city of Abilene has not verified Qilin’s claim, but what happens if that data is leaked?
“Let’s say the hacker group sells the data to somebody who’s actually going to use it to scam people,” said Paul Bischoff, tech writer, privacy advocate, and vpn expert. “They can with your tax return for example it’s got your social security number on it, so they can apply for credit in your name and try to get a loan, try to sign up for a utility bill, try to collect some benefit that you should be getting. You can also file various tax scams where you can file somebody else’s taxes for them, but put on a much larger number than they should have gotten to demand a much larger return, and they get a much bigger return in the mail. The scammer approaches them pretending to be the IRS, demanding the extra money back. They send it to them that people end up being screwed to the money they sent to the scammer and they have to pay it back to the IRS because they just got fined for overreporting their income. So it creates a huge mess it’s just all sorts of identity theft related tax that’s one example that can happen with this information.”
What if Abilene does not pay the ransom amount by May 27?
“So if they don’t pay any systems that have been encrypted have to be restored from scratch,” said Paul Bischoff, tech writer, privacy advocate, and vpn expert. “That may mean permanent data loss, that may mean having a lot of downtime for city services or whatever or systems that are affected by that until they can restored. That also means that Qilin will either sell or publicly release the data that they have stolen to punish Abilene for not paying.”
According to compritech.com, the ransomware gang Qilin has claimed 25 confirmed ransomware attacks in 2025.
Seven of those were against government entities.
We will keep you updated on any further information that is released.
Qilin is taking credit for the April hack of the City of Abilene and threatened to make the data public if the city refused to pay.
Qilin posted sample files that claim they stole tax returns and government documents.
Abilene officials have not verified Qilin’s claim yet, and Comparitech is unsure if the city will pay the ransom.
KTXS plans to speak with Paul Bischoff who wrote the article for Comparitech. We have also reached out to officials with the City of Abilene and have yet to hear back. This article will be updated accordingly as more information is released.
