ABILENE, Texas — The City of Abilene was impacted by a cyber attack April 18 that caused multiple city departments to be taken offline.
According to a Comparitech article, a Russian-based ransomware group known as Qilin claims to have stolen 477 gigabytes of data from the City of Abilene.
Qilin is demanding a ransom to be paid by the city by May 27.
We spoke with one of the nation’s leading experts on cyber security who had more insight on what this attack means.
“The ransomware is infecting all systems, files, and encrypting and shutting everything down until the ransom is paid,” CEO of CyberCatch, Sai Huda, said.
He said that the ransomware is also stealing and exporting a copy of data.
“And then they use that to threaten and say, ‘Hey, if you don’t pay me the ransom then guess what, we will sell that data on the dark web and make money off it. And then others will use it to cause harm,’ or, ‘We’ll release it in spurts to embarrass you,’” he said.
Huda said that even if the City did pay the ransom, which is not recommended, it doesn’t mean that the attackers will stay true to their word.
“Ransomware is quite expensive to recover from, especially if you don’t pay the ransom and you don’t get the encryption keys,” he said. “So what you have to do is remove the infection from the infected systems. It takes 24 days for a typical organization to recover, but it could be even longer. In some cases we’ve seen, especially in smaller and midsize, it’s months.”
Huda told us that the average ransom demand is $2.7 million, but the cost of ransomware recovery far exceeds that.
“The largest ransom payment made so far was last year, $75 million,” he said. “That was a large company, Fortune 500. But even the small to midsize, we’re talking about $5 million to $10 million on average for full recovery.”
He said that now that Qilin has this data, the people in Abilene should keep their guard up.
“Their data is now in the hands of these bad actors and it could be sold on the dark web for money and then used, potentially, to create identity theft and other damages unfortunately,” Huda said.
His advice for people who want to keep their data safe: make sure your passwords are strong, get into credit monitoring, and use multi-factor authentication.
“The City’s got to do a really good job that they have cleansed their ransomware completely, that there aren’t any malware placed, what’s called backdoors,” Huda said. “Because otherwise, what could happen is, a few months later they’ll be back. There could be another attack. Because they’ve left a backdoor and that program allows them to get in again.”
The City said in a statement they have been working with cyber security professionals and have been given advice not to pay the ransom.
We are able to acknowledge the Comparitech article dated May 19, 2025 in regards to the cyber incident and demands made by the ransomware group, Qilin. The City of Abilene has been working with cyber security professionals since the incident began on April 18th and, given their expert direction along with adherence to the City’s organizational values and standards, determined the payment of any kind of ransom to criminal entities of this sort would not take place. At this time the City is still limited in its ability to comment on the incident as the investigation continues and discovery efforts follow. The City of Abilene understands various aspects of functionality across several departments and services have been affected by the network outage that followed the cyber incident, and we sincerely apologize for the frustration and disruption this has caused. Our employees are working diligently to serve our community, with all essential needs like emergency response, water, and solid waste continuing operations throughout this time. We greatly appreciate everyone’s patience and understanding. As stated previously, we look forward to sharing more information on the cyber incident as soon as the investigation concludes and we are able to do so.
KTXS will be speaking with Huda again after the ransom deadline passes to break down the next steps in a situation like this.