Texas courts shut down websites and disabled servers late last week in response to a ransomware attack, the Office of Court Administration announced Monday.
System administrators discovered early Friday that hackers had taken over at least a portion of the statewide court network and demanded some form of ransom in return for restoring control. In a statement, the administration said the attack began “in the overnight hours” the same day it was discovered.
The state did not specify what exactly hackers requested or how they gained access to the system, and a spokeswoman did not return a phone call seeking comment. The court system is working with state law enforcement to investigate the breach and vowed not to pay any ransom.
The administration runs the information technology services for Texas appellate courts and state judicial agencies, including the Texas courts website.
“At this time, there is no indication that sensitive information, including personal information, was compromised,” a news release states.
The coronavirus pandemic had already forced Texas courts to use more video hearings. This ransomware attack is not related to the effort to increase the number of remote hearings, according to the news release.
Previous work by the state to move information technology functions online to the cloud helped mitigate the damage from the attack. This ensured the systems for filing and reviewing documents, along with the email system, were not affected, according to the news release. Individual trial court networks were also unaffected.
The state created a temporary website that includes information about the attack and coronavirus guidance for courts. The news release from the court administration said employees previously received cybersecurity training, but additional training will be provided.
This is not the first ransomware attack to hit a Texas agency. Last August, at least 20 state agencies were affected by a coordinated attack, according to the state Department of Information Resources. By Sept. 5, the department said more than half of the targeted agencies were back to working as usual.
To avoid such attacks, the department suggests not opening attachments from unfamiliar senders, using unique passwords and not sharing personal or identifying information about yourself or your employer unless necessary.