Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’

Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that has hobbled access to records.

Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that has hobbled access to records for more than five weeks, officials said Tuesday.

The announcement of a “sophisticated foreign cyberattack” was confirmation of what computer security experts suspected after the state’s Judicial Branch said Oct. 12 that it was pausing electronic filings. Until now, state officials had released few details, describing it simply as a “security incident.”

Upon learning about the attack, the state disconnected its court information system from external access and notified authorities, the Judicial Branch said in a statement. That disrupted daily operations of the state’s appellate courts and all but one county. Johnson County, the state’s most populous, operates its own computer systems and had not yet switched over to the state’s new online system.

In recent weeks many attorneys have been forced to file motions the old fashioned way — on paper.

“This assault on the Kansas system of justice is evil and criminal,” the statement said. “Today, we express our deep sorrow that Kansans will suffer at the hands of these cybercriminals.”

A preliminary review indicates that the stolen information includes district court case records on appeal and other potentially confidential data, and those affected will be notified once a full review is complete, the statement said.

Analyst Allan Liska of the cybersecurity firm Recorded Future said no ransomware group leak site has published any information yet.

Judicial Branch spokesperson Lisa Taylor declined to answer questions including whether the state paid a ransom or the name of the group behind the attack, saying the statement stands on its own.

Advertisement. Scroll to continue reading.

If organizations don’t pay a ransom, data usually begins to appear online within a few weeks, said analyst Brett Callow of the cybersecurity firm Emsisoft. Victims that pay get a “pinky promise” that stolen data will be destroyed, but some are extorted a second time, he said.

In the weeks since the Kansas attack, access to court records has only partially been restored. A public access service center with 10 computer terminals is operating at the Kansas Judicial Center in Topeka.

The Judicial Branch said it would take several weeks to return to normal operations, including electronic filing, and the effort involves “buttressing our systems to guard against future attacks.”

A risk assessment of the state’s court system, issued last year, is kept “permanently confidential” under state law. But two recent audits of other state agencies identified weaknesses. The most recent one, released in July, said “agency leaders don’t know or sufficiently prioritize their IT security responsibilities.”

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.