The Office of Court Administration announced early Monday that an outage on the Texas Judiciary website discovered on Friday was the result of a ransomware attack.
An official announcement made via Twitter signed by Megan Lavoie of the OCA said the breach had been discovered Friday by the IT provider for the appellate courts and state judicial agencies.
“The attack began during the overnight hours and was first discovered in the early morning hours on Friday. The attack is unrelated to the court’s migration to remote hearings amid the coronavirus pandemic,” the letter states.
“The network has remained disabled since this time and will continue to do so until the breach is remediated,” Lavoie said.
OCA was able to catch the ransomware and limit its impact and will not pay any ransom, Lavoie said.
“We have people working to clean it all up and put it back together,” Chief Justice Nathan Hecht told The Texas Lawbook. “There are lots of backups. As far as I know, everyone is functional.”
Hecht said the hack occurred in early morning Friday. He said he doesn’t know what demands the hackers have made because the cyber professionals hired by the court have advised him against even looking.
“Right now, we are letting the forensic people do their work,” he said. “I have no idea on a time frame” when the system will be back up and running.
The hack impacted the Supreme Court, the OCA and some courts of appeals, although not the Texas Court of Criminal Appeals or the Austin Court of Appeals.
A ransomware attack involves the malicious encryption of a website, resulting in its immobilization. The website can only be decrypted by a complex digital key supplied by hackers after a ransom is paid.
“OCA is working with law enforcement and the Texas Department of Information Resources to investigate the breach. DIR and other information security authorities are providing assistance to OVA with recovery support.”
Users of the site have been aware that something was amiss since early Friday. A temporary site now guides users to the Twitter announcement. In recent years, the majority of entities supported by the OCA have moved to cloud storage and resources, Lavoie noted, and those resources were not affected.
She added that there is no indication that any sensitive information, including personal information, was compromised.
Mark Curriden contributed to this report.