5-Week Disruption to Kansas Courts Caused by Sophisticated Foreign Cyberattack

PK Tech Blog Image (9)

It’s easy to miss news of the cybersecurity threats and attacks happening almost everywhere. At PK Tech, our goal is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware – without being afraid – of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity. 

This month, we’re highlighting a sophisticated foreign cyberattack that caused a 5-week disruption to the courts in Kansas (reference). What happened, what was the fallout, and why should you care? We’re covering it all here. Let’s dive in.

What the “Hack” Happened?

Cybercriminals targeted the Kansas court system in November by hacking in and stealing sensitive data. As it generally follows, the ransomware group then threatened to post the data on the dark web. The attack and subsequent threats halted access to court records in the state of Kansas for five weeks. 

Following the attack and the five-week stall, access to court records has only been partially restored. It will likely take the state several weeks to return to normal, which includes electronic filing for the Judicial Branch.

The Fallout

When the attack was identified, the state immediately disconnected its court information system from external access, notifying authorities as they did so. While this reaction provided some protection for the court systems, it also disrupted daily operations for the state’s appellate courts for all but one county. The main effect of this action was that it caused attorneys to file motions the old-fashioned way – with paper.

A third-party cybersecurity firm provided a preliminary review of the attack, reporting that stolen information included district court case records on appeal and other miscellaneous confidential data. Individuals affected will be notified when the full audit is completed. 

Lessons Learned #ITCouldHaveBeenWorse

The cybersecurity firm Recorded Future, hired to assess the fallout of the attack, said that no information had been leaked and published online.

The state had not paid a monetary ransom on record either. Typically, if organizations refuse to pay a ransom, hackers release data online. If a ransom is paid, organizations get a verbal “promise” that stolen data will be destroyed – but no legitimate guarantee. This often leads to a second-time extortion. 

This attack will hopefully inspire a cybersecurity overhaul for the Kansas court system. While official cybersecurity assessments are kept confidential, third-party audits have reported recent weaknesses in the cybersecurity infrastructure for the state. This most recent effect on the court systems will likely push the state to take cybersecurity more seriously moving forward.  

There are certainly worse things than having to go back to filing motions the old-fashioned way. Next time, it could be far more detrimental. As we always like to say, #ITCouldBeWorse.