After negotiations broke down between Dopplepaymer, a ransomware gang, and the Illinois Office of the Attorney General, the criminal group behind Dopplepaymer leaked a large collection of files stolen from Illinois courts.  This attack took place on Saturday April 10^th.  The incident was disclosed on April 13^th, however it wasn’t confirmed as ransomware until April 21.  While there has been no definitive answer given as to why negotiations broke down, some ransomware negotiations with DopplePaymer have broken down in the past when victims realize that paying the ransom could be illegal. The US Department of Treasury added the criminal group known as Evil Corp to the list of sanctioned entities, and cautioned US businesses not to provide financial support to the group. Since some analysts have suggested that DopplePaymer may have been created by Evil Corp, victims may be hesitant to pay ransom demands. Courts and other law enforcement agencies are even less likely to hand over money to support criminal operations, since it is counterproductive to their mission and responsibilities to protect the public from crime.