Texas courts slammed by ransomware attack

Officials say they will not bow to any blackmail or ransom demands.

Texas has revealed a ransomware attack launched against its court system but insists no ransom will be paid. 

According to a statement issued on Monday by the Office of Court Administration (OCA), later posted on Twitter, the attack took place overnight last Thursday and was discovered on Friday morning. 

The agency is responsible for providing IT services to the Texan court system. The malware made its way through the OCA's branch network, and as soon as the ransomware was spotted, linked servers and websites were disabled in an attempt at damage limitation.

It has not been disclosed what form of ransomware was deployed in the network, which remains disabled at the time of writing.  

"OCA was able to catch the ransomware and limit its impact, and will not pay any ransom," the agency added. "Work continues to bring all judicial resources and entities back online."

It is not believed that any sensitive information has been stolen, and cloud services used by courts for filing and reviewing documents -- including eFileTexas and reSearchTX -- as well as email services, are unaffected. Individual trial court networks were also outside the scope of the attack.

COVID-19 has forced many critical services, including court systems, to shift from physical locations to remote alternatives. This, in turn, has led to opportunists leveraging the pandemic in malware campaigns and new phishing attacks. 

"The attack is unrelated to the courts' migration to remote hearings amid the coronavirus epidemic," the OCA says. "Due to the ongoing nature of the investigation, remediation, and recovery, OCA will not comment further."

OCA is investigating the incident with the help of law enforcement and the Texas Department of Information Resources (DIR). A temporary website, separate from the impacted branch network, has been set up in the meantime to provide updates on coronavirus efforts. 

In related news this month, Europe's largest private hospital operator, Fresenius, revealed a ransomware attack that disrupted operations. The ransomware believed to be at fault is Snake, a relatively new strain that has previously been spotted in attacks against manufacturing and the industrial sector. 
