Ransomware Found its Way into the Texas Court System

What happened?

• On May 8th, the Office of Court Administration (OCA) recognized a critical security incident in the branch network, which was later found to be a ransomware attack.
• Starting in the overnight hours, the attack was not pertinent to the courts’ shift to remote hearings due to the COVID-19 pandemic.
• According to the OCA, Texas’ individual trial court networks were not affected and no vital information was compromised as it could catch the ransomware and limit its impact in a timely manner, avoiding the need for ransom payments.

Actions taken by the OCA

• Until the breach is dealt with, the Texas Judicial Branch network will remain disabled.
• The OCA is continuously working on bringing all the affected branch resources and judicial entities back online.
• Also, it is collaborating with the Texas Department of Information Resources (DIR) to scrutinize the ransomware attack and other information security authorities to retrieve the impacted data.

Some similar antecedent attacks

• In July 2019, the Georgia court system had fallen victim to ransom demands by hackers. Following the attack, the state court's network was completely taken offline.
• In August 2019, Texas was hit by a file-encrypting malware, which impacted 23 local governments. Eventually, the attacker demanded a ransom of $2.5 million in exchange for the decryptors to the affected entities.
• In 2018, government agencies in Minnesota, including the state's court system suffered distributed denial of service (DDoS) attacks. Several "DDoS-for-hire" services were paid by the attacker to sabotage websites in Minnesota.

The final word