A ransomware attack has hit the information technology office that supports Texas appellate courts and judicial agencies, leading to their websites and computer servers being shut down. The office said that it will not pay the ransom requested by the cybercriminals.
Specifically affected is the Office of Court Administration (OCA), which is the IT provider for the appellate courts and state judicial agencies within the Texas Judicial Branch. The OCA is a unique state agency in the Judicial Branch that operates under the control of the Supreme Court of Texas. The OCA said in a Monday post that the cyberattack started last Thursday evening and was shortly thereafter discovered on Friday morning by the OCA’s IT staff, who quickly worked to limit its spread.
“Immediately upon discovery, OCA IT staff disabled the branch network including websites and servers to prevent further harm,” said David Slayton, administrative director with the OCA. “The network has remained disabled since this time and will continue to do so until the breach is remediated. OCA is working with law enforcement and the Texas Department of Information Resources (DIR) to investigate the breach.”
Though its website remains down as of Wednesday, the OCA said that at this time, there is no indication that any sensitive data (including personal information) was compromised. Individual trial court networks throughout the state were also unaffected by the cyberattack.
Many courts and judicial branch agencies supported by OCA have moved many IT functions to the cloud, Slayton said. That’s advantageous in this situation, as these services – including eFileTexas (for filing of documents), reSearchTX (for reviewing filed documents), collaboration tools for editing and sharing documents, and email – have not been impacted by the attack. That allows them to be able to continue operations and ensure that the filing of documents can continue uninterrupted.
Update on IT Security Breach impacting the TX Judiciary. pic.twitter.com/8f34qdMhTa
— Texas Courts (@TxCourts) May 11, 2020
The attack is also unrelated to the courts’ migration to remote hearings amid the coronavirus pandemic, said the OCA.
“Work continues to bring all judicial branch resources and entities back online,” according to Slayton. “In the meantime, a temporary web site has been established with critical judicial branch information, including information concerning the COVID-19 pandemic.”
The OCA’s statement that it will not pay the ransom is another notable point. Cybersecurity experts have often noted that paying the ransom isn’t a viable solution — but the decision to pay or not to pay is a complex one. For instance, New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. Others victims, such as New Bedford, Mass., and the city of Atlanta, have ridden out the cyberattack without paying up.
Threatpost has reached out to the OCA for further information about how the initial cyberattack started, how much attackers asked for in ransom, and who is suspected to be behind the attack.
The ransomware attack is reminiscent of a wide-scale, coordinated cyberattack on Texas entities a year ago. Up to 22 Texas local governments and businesses were hit by a ransomware attack in August, which Texas officials said was part of a targeted attack launched by a single threat actor.
“In the last year, we have seen just how damaging ransomware can be to state and county government agencies,” Steve Moore, chief security strategist, Exabeam, said in an email. “Last August, a coordinated attack hit 22 local Texas governments at the same time, forcing many municipalities to rely on backup systems. Thankfully, none of the $2.5 million in Bitcoin demanded was paid in this instance. However, taxpayers are known to grow frustrated and lose trust for cities that fail to protect their networks and data overall. Now, the Texas court system is the latest target.”
