Kansas Supreme Court: Hackers stole records, confidential files in October attack

Siva Ramakrishnan
The Supreme Court of Kansas said the recovery from an October ransomware attack will take significantly more time, warning that the hackers are threatening to leak the data they stole to the dark web if demands are not met.

In a statement this week, Kansas Supreme Court Chief Justice Marla Luckert and several other justices confirmed that the “foreign” cyberattack announced more than a month ago is still incapacitating the information systems of the Kansas Office of Judicial Administration.

The incident has severely limited the daily operations of the state’s appellate courts and district courts in 104 counties.

“When we discovered the attack, we quickly disconnected our information systems from external access. We notified state authorities, and since that time have benefited from the continued support provided by the governor’s office, legislative leadership, and state and federal law enforcement. This attack — on one of our three branches of government — was made against all Kansans,” they said.

“While the impact on our information systems is temporary, the cybercriminals also stole data and threatened to post it to a dark web site if their demands were not met. We are working with cybersecurity experts to identify the data quickly and securely so we can conduct a comprehensive review to determine the full scope of what personal information the cybercriminals may have stolen.”

The justices said the stolen information includes Office of Judicial Administration files, district court case records on appeal, and other data, “some of which may be confidential under law.” The review of what was stolen will take more time, they said, adding that those affected will be notified.

It will take several weeks before normal operations, including electronic filing, are restored. The justices said their IT team is currently working to improve security systems to protect against future attacks.

On October 15, the state capital city of Topeka announced that its municipal court and probation and prosecution divisions would be closed to the public, while the Kansas Supreme Court said it was exclusively using paper records to operate.

Judge Philip Journey, of Sedgwick County, Kansas, told local news outlet KAKE that the outages were due to a ransomware attack.

The Supreme Court said at the time that the attack affected the e-filing system; a portal for protection orders; the district court’s public access portal; the system for appellate cases; the state registry for attorneys; and the Kansas online marriage license application system.

The Kansas eCourt case management system, as well as the court’s payment portal, was also brought down by the attack.

All of these systems are still down as of November 22.

The devastating attack on Kansas’ court system mirrored incidents faced by several others in states across the U.S., many of which have had similar battles against ransomware gangs in the last year.

No ransomware gang has taken credit for the attack, but the statement from the Kansas Supreme Court on Tuesday noted that FBI statistics show cybercriminals are increasingly making a point of going after local governments.

“Cybercrime is a persistent and serious threat to our democratic institutions,” they said.

“This assault on the Kansas system of justice is evil and criminal. Today, we express our deep sorrow that Kansans will suffer at the hands of these cybercriminals.”


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

