Pennsylvania courts say no ransom was paid in cyberattack, and attackers never sent a demand

FILE - The exterior of the Pennsylvania Judicial Center, home to the Commonwealth Court in Harrisburg, Pa., Feb. 21, 2023. A weekend cyberattack on the website of Pennsylvania's state courts agency disabled some online systems but did not appear to compromise any data and didn't stop the courts from opening Monday, Feb. 5, 2024, officials said. (AP Photo/Matt Rourke, File)

HARRISBURG, Pa. (AP) — A weekend cyberattack on the website of Pennsylvania's state courts agency disabled some online systems but did not appear to compromise any data and didn't stop the courts from opening Monday, officials said.

Various county court clerks said their offices were operating smoothly, despite the disruptions to some online portals and services.

The federal government's lead cybersecurity agency, the U.S. Department of Homeland Security and the FBI were investigating the attack on the Administrative Office of Pennsylvania Courts, state Supreme Court Chief Justice Debra Todd said in a statement.

Todd called it a “denial of service†cyberattack, using the federal government’s description for when attackers “flood the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users.â€

Among the disabled systems were online docket sheets and an electronic case document filing portal, although court officials said they were still taking paper court filings by paper and by mail. Court officials maintained that they had no evidence that hackers had stolen data, and appeared to have restored some disabled services Monday evening, including access to electronic dockets and an electronic document filing portal.

The attack comes a few months after Kansas' judicial branch was the victim of what it called a " ," from which it and to recover. That attack was blamed on a Russia-based group.

Major tech companies Google Cloud, Microsoft and Amazon Web Services in recent years, as have financial institutions. In 2022, some . Some of the biggest attacks have been attributed to Russian or Chinese hackers.

Neither the courts agency nor the federal cybersecurity agency, called the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, immediately identified the attackers or a motive.

The agencies also did not say whether the courts' cybersecurity measures had worked as designed or whether the attackers demanded money or a ransom.

In a statement, CISA's executive assistant director, Eric Goldstein, said the agency is in touch with Pennsylvania court officials and will provide assistance.

Jack Danahy, a vice president of cybersecurity firm NuHarbor Security in Vermont, said denial-of-service hackers are typically seeking money, although such attacks are harder to profit from because networking experts have ways of defusing them by diverting the flood of internet traffic.

Such attacks are often traced back to state-backed actors, but they are also relatively easy for smaller hackers to mount, Danahy said.

The attackers can find ways of hiding their identity and can use a denial-of-service attack to mask an underlying attack, such as a ransomware attack, Danahy said.

Alexander Leslie, an analyst with the cybersecurity firm Recorded Future, said some denial-of-service tools are open-source, featuring software whose code is publicly accessible, while others are available to criminals for premium fees.

Some denial-of-service attacks are distributed, meaning they can use thousands or millions of devices to barrage a website. That can make it difficult to pinpoint a culprit or motive, absent a public claim of responsibility, Leslie said.

In Kansas, the state’s court system its computerized case management system back online two months after that forced it to shut it down, along with public access to documents and other systems.

Last month, Kansas' top judicial official that the state's court system needed at least $2.6 million in additional money to cover the costs of bringing multiple computer systems back online, pay vendors, improve cybersecurity and hire three additional cybersecurity officials.

The hackers stole data and threatened to post it on a dark website if its demands were not met, officials said. Judicial branch officials have not spelled out the attackers’ demands, but said that no ransom was paid.

___

Follow Marc Levy at .

ºÚÁϳԹÏÍø. All rights reserved.

More Science Stories

Sign Up to Newsletters

Get the latest from ºÚÁϳԹÏÍø News in your inbox. Select the emails you're interested in below.