The crippling ransomware attack on the Texas appellate court system came from a Russian internet protocol address and has cost the state at least $1.5 million to remediate. It resulted in weeks of lost productivity for courts of appeals around the state that were unable to access the case management system used to process appeals.
Judiciary network systems are finally limping back into operation, more than two months after the May 8 attack. The Dallas-based Fifth Court of Appeals tweeted Monday that its website and online dockets and documents and attorney portal were fully functional.
It has been a difficult period not only for justices and clerk offices around the state, but for the Office of Court Administration (OCA), which manages technology for the appellate courts and where the attack entered the computer network.
It was in the wee hours of that Friday morning when hackers gained access through a computer terminal at OCA’s office near the Capitol. By the time it was discovered several hours later, the ransomware had spread to the network of intermediate courts of appeals and the Supreme Court.
Around the state, appellate court employees who were largely working from home due to the pandemic, tried to access documents that morning only to find a message stating that the documents were locked. The message listed a toll-free number to call to find out how much it would cost to unlock the documents, with the first one unlocked for free.
In order to limit the spread of attack, OCA disabled its network of court websites and tweeted news of the attack. The Texas Supreme Court, set to release its weekly orders and opinions that morning on its website, turned to Twitter to put them out.
The outage came hours after the Supreme Court made national news with its order releasing a Dallas hair salon owner who had been jailed for violating orders from the governor and a trial court to keep her salon closed.
Texas Supreme Court Chief Justice Nathan Hecht said state investigators believe the hack was random and unrelated to that or any other case.
“The attack was stopped but it had pretty well gone through most of what we had by the time it was discovered and stopped,” he said.
The main impact on the courts’ ability to continue processing appeals was the loss of the case management system and electronic filing system known as TAMES, which feeds documents to the court’s website and sends out notices to parties. This left courts and lawyers involved in pending appeals unable to access records and electronic briefs.
Blake Hawthorne, clerk of the Supreme Court, soon got his staff together on a Zoom meeting and talked about how they could move ahead without TAMES. The court retained its ability to accept electronic case filings but had to manually enter information and keep track of the filings on a spreadsheet.
One workaround that allowed jurists and lawyers to access filed case documents came through the privately operated re:SearchTX. The web-based platform gives registered users access to an online repository of court case information powered by the Texas e-filing database.
The Supreme Court was able to continue working offline, using the re-SearchTX database and its own backup system. Hawthorne said he had tested the backup system by exporting pending case information discussed during the justices’ April conference to an external hard drive not connected to the network. The court used that information for its May conference to discuss its remaining cases.
“We kind of cobbled together a system and we made it work and the court managed to get all of its opinions out for the term,” Hawthorne said.
Hawthorne initially was concerned that his 15 years of work to craft a uniform approach to technology for all the appellate courts would be lost. Although court computer systems are backed up daily, Hawthorne was unsure whether online records going back to 1945 might also have been corrupted.
“Thinking about that and how we would recover from something like that was difficult, especially when I’ve spent a good part of my professional life constructing all of this,” said Hawthorne.
The state’s back-up systems held and provided the critical data needed to rebuild court websites. Email remained functional, allowing Supreme Court justices and attorneys to continue communicating about appeals while they labored from home.
OCA worked with state and federal law enforcement and brought in contractors to rebuild its systems. Executive Director David Slayton said his office has spent about $1.5 million responding to the incident. He said investigators have identified the Russian IP address from which the attack originated but he doesn’t know if anyone will be prosecuted.
Slayton said the cyber attacked impacted the 14 intermediate courts of appeals to varying levels. Information was not corrupted at the Fifth and Third courts, the Court of Criminal Appeals, and the State Law Library. Several other courts, including the Houston-based First and Fourteenth courts, state that their websites are still not fully functional.
“I am really thankful to all the courts for their patience. Obviously it was very difficult for them,” said Slayton. “I’m grateful to the technology staff at the Office of Court Administration that worked around the clock seven days a week for weeks and weeks on end to try to get the network up and operational.”
Slayton won’t say exactly how the ransomware entered his office although it commonly happens when a computer user clicks on a link in an email or responds to a request for personal information. He said judiciary personnel had just completed a state-mandated training on cybersecurity a week before the hack.
Hecht said there is no sure defense to invasions of ransomware and other malicious software by hackers. “You just have to build in as many mechanical barriers as you can and train people over and over again,” he said.
He also supports a national effort by state courts to get help from the federal government, which has greater expertise in cybersecurity.
Hawthorne said Texas should view spending on cybersecurity as insurance to prevent costly intrusions like the one that impacted the judiciary.
“How much has that cost the state and would it be wise to provide better funding in the first place?” he asked.