MISSION, Kan. — Cybercriminals have hacked into Kansas’ justice system, stolen sensitive data and threatened to post it on the dark web in a ransomware attack that has hampered access to data for more than five weeks, officials said Tuesday.
The announcement of a “sophisticated foreign cyberattack” was confirmation of what computer security experts suspected after the state judiciary said on Oct. 12 it had halted the electronic filings. Until now, state officials had released few details, describing it simply as a “security incident.”
Upon learning about the attack, the state disconnected its court information system from remote access and notified authorities, the judiciary said in a statement. That disrupted the day-to-day operations of the state and all but one county appeals courts. Johnson County, the state’s most populous, runs its own computer systems and had not yet transitioned to the state’s new online system.
In recent weeks, many attorneys have been forced to file motions the old-fashioned way: on paper.
“This attack on the justice system in Kansas is malicious and criminal,” the statement said. “Today we express our deep sorrow that Kansas will suffer at the hands of these cybercriminals.”
A preliminary investigation shows that the stolen information includes appellate district court records and other potentially confidential data. Those affected will be notified once a full review is completed, the statement said.
Analyst Allan Liska of cybersecurity firm Recorded Future said no ransomware group leak site has published information yet.
Judiciary spokesperson Lisa Taylor declined to answer questions, including whether the state paid a ransom or the name of the group behind the attack, saying the statement stands alone.
If organizations don’t pay a ransom, data usually appears online within a few weeks, says analyst Brett Callow of the cybersecurity firm Emsisoft. Victims who pay are given a “pink promise” that stolen data will be destroyed, but some are extorted a second time, he said.
In the weeks following the attack in Kansas, access to legal proceedings has only been partially restored. A public access service center with ten computer terminals operates at the Kansas Judicial Center in Topeka.
The judiciary said it would take several weeks to return to normal operations, including electronic filing, and the effort includes “supporting our systems to protect us from future attacks.”
A risk assessment of the state’s legal system released last year is kept “permanently confidential” under state law. But two recent audits of other government agencies revealed weaknesses. The most recent version, released in July, stated that “agency leaders do not know or do not sufficiently prioritize their IT security responsibilities.”