Kansas Court System Down Nearly 2 Weeks in ‘Security Incident’ That Has Hallmarks of Ransomware


Kansas officials are calling a massive computer outage that’s kept most of the state’s courts offline for two weeks a “security incident” and, while they had not provided an explanation as of Wednesday, experts say it has all the hallmarks of a ransomware attack.

The disruption has left attorneys unable to search online records and forced them to file motions the old fashioned way — on paper. Courts are limping along, although the growing piles of paper are a mess that will have to be sorted and scanned eventually.

“It’s really just slowed the whole system down,” said Chris Joseph, a Lawrence-based criminal defense attorney.

Since 2019, ransomware groups have targeted 18 state, city or municipal court systems, said analyst Allan Liska of the cybersecurity firm Recorded Future. That includes one in Dallas, where some jury trials had to be canceled this year.

But state-focused attacks have been much less frequent, and have not yet rivaled what is happening in Kansas.

“We are treating this matter with the highest priority,” Lisa Taylor, the Judicial Branch’s spokesperson, said in an email Wednesday.

Liska noted Tuesday that a short-lived attack in 2019 in Georgia shut down some court websites and forced some court dates to be rescheduled. A cybersecurity threat forced Alaska’s courts offline for about a week in 2021. Texas’ top criminal and civil courts were hit with a ransomware attack in 2020 but the filing system remained operational and trial courts weren’t affected.

Advertisement. Scroll to continue reading.

In Kansas, the first sign of trouble came on Oct. 12 when the state’s Judicial Branch announced a pause in electronic filings because of a “security incident.” The details released since have been sparse.

Taylor said only that an investigation is ongoing in response to questions of whether the courts had determined that this was a malicious attack, whether there’s been a demand for a ransom or when the systems will be back up. The court system has set up a website dealing with the incident, and Taylor said its officials will cooperate with any law enforcement investigation.

The Kansas Bureau of Investigation said only that is is “engaged” in examining the problems, along with “federal partners,” said spokesperson Melissa Underwood.

No ransomware group has come forward to claim credit for the prolonged outage, analysts said. But Liska said it is “highly unlikely” that this is anything but a ransomware attack.

“The fact that they’re calling it a cyber incident says that it’s nefarious,” Liska said.

Notably spared was Johnson County in the Kansas City area, the state’s most populous county. It operates its own computer systems and had not yet switched over to the state’s new online court system.

The effort to switch to a single, statewide system for tracking and managing cases started in 2018 under a 10-year, $11.5 million contract with Dallas-based Tyler Technologies. Tyler, which has similar contracts in around a dozen other states, referred questions to state court officials.

States have been moving toward statewide systems for more than a decades. On the security front, there are pros and cons, said analyst Brett Callow of the cybersecurity firm Emsisoft.

“On the pro side, economies of scale mean more resources should be able to be committed to protecting and securing that system,” he said. “On the con side, when an attack does succeed … it’s going to knock out the entire state system rather than simply an individual county or municipality.”

Additionally, if security is not adequately built in during the rollout, systems can be more vulnerable, Liska said.

A risk assessment of the state’s court system, issued last year, is kept “permanently confidential” under state law. But two recent audits of other state agencies identified weaknesses. The most recent one, released in July, said that “agency leaders don’t know or sufficiently prioritize their IT security responsibilities.”

With the system down, courts haven’t been able to accept electronic filings, process payments, manage cases, grant public access to records, allow people to file electronically for protection-from-abuse orders and to apply electronically for marriage licenses.

In Sedgwick County, home to the state’s largest city of Wichita, Judge Phil Journey said Wednesday that although he is known as a “techie” judge, he’s still maintained extensive paper files. That’s allowing him to move forward with his family law cases. But, he said, other judges who were more reliant on digital files are faced with postponing trials.

“All I know is that we’re on paper for at least another week,” he said. “We’ll be killing a lot of trees.”

In Wyandotte County, also in the Kansas City area, the outage has caused some delays, but trials are proceeding, said Jonathan Carter, a spokesman for the district attorney’s office. A massive ransomware attack last year in the county crippled key services, including the court system. Whether that is related to what is happening now is unclear.

Meanwhile, older attorneys are finding their skills in high demand, as they teach younger attorneys to use faxes and file with paper, said Karla Whitaker, interim executive director of the Kansas Bar Association.

“The wheels of justice are turning,” she said Wednesday. “But I think it’s just happening in a different way at a different pace right now.”

Related: Major Cybersecurity Breach of US Court System Comes to Light

Related: Alaska Court System Briefly Forced Offline Amid Cyber Threat

Related: Attack on Vendor Affects Website of Arizona Court System



Source link