On Friday night, May 8, the Texas court system was hit by ransomware which led to the branch network including websites and servers being disabled to block the malware from spreading to other systems.
“On Friday, May 8th, the Office of Court Administration (OCA), the information technology (IT) provider for the appellate courts and state judicial agencies within the Texas Judicial Branch, identified a serious security event in the branch network, which was later determined to be a ransomware attack,” A statement published on the Texas Judicial Branch website today says.
“The attack began during the overnight hours and was first discovered in the early morning hours on Friday. The attack is unrelated to the courts’ migration to remote hearings amid the coronavirus pandemic.”
All @txcourts websites are down. We are aware of this issue and working to remedy it. The outage does not impact email, eFileTexas, or reSearchTX. Updates will be posted later today.
— Texas Courts (@TxCourts) May 8, 2020
David Slayton, Administrative Director of the Office of Court Administration (OCA), IT contractor for state court agencies and appellate courts within the Texas Judicial Branch, further clarified that the network will remain disabled until the breach is resolved.
Texas’ individual trial court networks were not involved in the attack, and no confidential data were compromised based on current information.
At this time, there is no indication that any sensitive information, including personal information, was compromised. Additionally, due to the structure of the IT function within the state judiciary, individual trial court networks throughout the state were unaffected by the cyberattack. – David Slayton
“Judicial branch employees supported by OCA have received training in cybersecurity in recent weeks and will continue to receive updated training,” Slayton added.
“Due to the ongoing nature of the investigation, remediation, and recovery, OCA will not comment further until additional information is available for public release.”
Texas also experienced a concerted ransomware attack last year that targeted 23 local governments, starting on the morning of 16 August.The threat actor behind the attacks allegedly exploited a managed service provider (MSP) used by the Texas administration to distribute the ransomware payloads as technical support.
The attacker ultimately demanded a $2.5 million collective ransom to provide decryptors for all Texas institutions that were affected.