Texas City suffers ransomware attack – Court of Appeals’ network compromised

May 23, 2020
texas city court of appeals ransomware attack

One of the primary networks servicing the US court of appeals in Dallas, Texas, and other branches of the US Judicial system was permanently disabled. The event is due to the city’s discovery of the ransomware attack last Friday. The court’s tech team has immediately disabled the network, shutting down all connecting websites and servers to prevent further spread of the ransomware.

According to initial reports and from a preliminary statement by the Office of Court Administration yesterday, there was no indication that any sensitive or personal information was exposed or compromised. They have yet to confirm if the attack has any relation to the sudden surge of online hearings and remote court sessions due to the coronavirus pandemic.

Ransomware has been known to invade a computer or network system by acquiring files that are usually sensitive in nature and encrypting them altogether – preventing access from all users. The encrypted data will remain inaccessible unless the victim has paid a ransom demand.

But in this case, no ransom will be paid according to the court’s statement in a proud Texan manner.

The above announcement came the day after the court’s statement , almost the same time a temporary website was put up by the Court of Appeals. The creation of the court’s temporary web page’s purpose is to display information related to the system’s coronavirus efforts only. Megan La Voie, the spokesperson for the Office of Court Administration, stated that until the alleged breach has been patched and repaired, the network will remain unavailable. They have also noted that the investigation is still ongoing and that they’re leaving no stone unturned.

According to Blake Hawthorne, the court’s clerk, most of their operations and processes were profoundly affected. They are currently trying to do everything they can to provide all the standard services and being as creative as they can. Court publications and other documents are now being made available via Dropbox. The threat actors also utilize different social media platforms to publicize the links.

Luckily for lawyers, the court system has a 3rd party vendor that was not affected by the ransomware attack. The court system for filing of appeals and other legal documents were responsible for commissioning the said vendor. So even though the main website is unavailable, all filed documents are accessible to court personnel and the public via the SearchTX website.

As of this writing, The Office of Court Administration has been continuously working with local and State law enforcement, The Department of Information Resources in Texas, and security researchers to investigate the attack.

Due to the sensitive nature of the investigation, especially the alleged breach and all possible compromised information, it has been decided by the Court Administration not to share any further details relating to the cyber-attack.

Local and State governments have been advised by the Federal Bureau of Investigation not to pay any ransom to hackers and other threat actors. This is because there’s almost always no guarantee that the acquired information will not be leaked or sold for more profit.

About the author

Leave a Reply