Officials say they will not pay any ransoms or demands of the attackers!
Texas officials have revealed that a ransomware attack was launched against its court system but insists no ransom will be paid.
According to a statement issued on Monday by the Office of Court Administration (OCA), later posted on Twitter, the attack took place overnight last Thursday and was discovered on Friday morning.
The agency is responsible for providing IT services to the Texan court system. The malware made its way through the OCA’s branch network, and as soon as the ransomware was spotted, linked servers and websites were disabled in an attempt at limiting the damage.
It has not been disclosed yet what brand of ransomware was deployed in the network, which remains disabled at the time of writing.
“OCA was able to catch the ransomware and limit its impact, and will not pay any ransom,” the agency added. “Work continues to bring all judicial resources and entities back online.”
It is not believed any sensitive information has been stolen and cloud services used by courts for filing and reviewing documents — including eFileTexas and reSearchTX — as well as email services, are unaffected. Individual trial court networks were also outside the scope of the attack.
COVID-19 has forced many critical services, including court systems, to shift from physical locations to remote alternatives. This, in turn, has led to opportunists leveraging the pandemic in malware campaigns and new phishing attacks.
“The attack is unrelated to the courts’ migration to remote hearings amid the coronavirus epidemic,” the OCA says. “Due to the ongoing nature of the investigation, remediation, and recovery, OCA will not comment further.”
OCA is investigating the incident with the help of law enforcement and the Texas Department of Information Resources (DIR). A temporary website, separate from the impacted branch network, has been set up in the meantime to provide updates on coronavirus efforts.
In related news this month, Europe’s largest private hospital operator, Fresenius, revealed a ransomware attack that disrupted operations. The ransomware believed to be at fault is Snake, a relatively new strain that has previously been spotted in attacks against manufacturing and the industrial sector.
An easy mitigation tactic is to always have secure backups of all your sensitive data. An even more so encrypt that data in case there is a sub-sequential leak due to malware or ransomware. Always patch and update your servers and software to keep security up to date. An simple cyber security awareness training can make such an impact in the work force. Most of these Ransoms start with a simply unpatched server or a user opening a phishing email. Once inside, hackers then canvas the network for the best point to run the ransomware.