Tuesday, May 12, 2020

The high cost of hubris: Ransomware attack sidelines online presence of Texas courts

Somebody successfully launched a ransomware attack on the Texas appellate court system. State officials decided not to pay, so for now it is impossible to access hand-down lists, opinions, orders, etc., online for the Court of Criminal Appeals, the Texas Supreme Court, or any of the 14 intermediate appellate courts. The Office of Court Administration (OCA) also operates computer systems for a slew of smaller agencies like the Texas Indigent Defense Commission, the Office of Capital and Forensic Writs, the Forensic Science Commission, and the State Prosecuting Attorney.

Readers will recall that, last year, Potter County (Amarillo) was struck with a ransomware attack. They also refused to pay, and as of last fall it was unclear whether they would ever be able to recover many records from their court and law-enforcement systems. As in this case, they called in "law enforcement and the Texas Department of Information Resources (DIR) to investigate the breach," but the perpetrators were never caught. The attack created huge disruptions that are still reverberating.

Grits understands the defiant impulse not to pay ransom. But Amarillo's experience shows that decision can amount to cutting off one's nose to spite one's face. Potter County would have been better off paying and calling it the cost of an education, and I suspect that, when all is said and done, the same will turn out to be true for the Texas Office of Court Administration.


Steven Michael Seys said...

Check with Feedblitz, Scott. They seem to be having a problem linking to your blog. I had to manually enter the address of the blog to view this post.

Ash said...

I had the same issue as Steve (above). But to the post, here's to hoping the txcourts.gov site is back up soon.

Unknown said...

"... But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane."
--Rudyard Kipling

JCH said...

FYI, they are using TXCourts.net as a temporary website and posting orders there.

Gritsforbreakfast said...

@JCH, that's new orders. You can't search old hand-down lists, archives, etc. They're going to have to reinvent the wheel.

@8:31, if they pay to get access back then shift to a more secure service, that IMO would be the right way to go. Amarillo was F'ed after their ransomware attack.

Will try to see what's going on with Feedblitz. That service has been in place for many years and I never deal with them.

Gritsforbreakfast said...

I checked in with Feedblitz and they were very responsive!

"Upon further review, we saw that an artifact for how links behave in your mailings caused them to not go anywhere.

"We have resolved this issue, and links in your future mailings will work as expected."

walt said...

I believe we recovered all of our records here in Amarillo. However, we were down for some time. Since that point, we have migrated to the cloud. It was a very humbling experience and lesson.

Anonymous said...

@walt hoooooooooo boy you think going to the cloud is any safer? You literally just threw your stuff from systems you control onto systems you do not control. Has nobody learned that you can't trust cloud-based anything with all of the cloud-based stuff that goes tits-up in a year or two?

Gritsforbreakfast said...

@9:14, my understanding is that the cloud-based systems are immune to the encryption tactic the ransomware folks use. (I don't completely understand why.) It may create other problems, I'm not an IT expert, but it prevents what Potter County and TX courts have endured.
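The comment above says cloud-based systems are immune to the encryption tactic. The following is an added example, written for this page rather than taken from the post, any commenter, or any real product, showing why that is only half right: a file-sync client faithfully uploads whatever the endpoint writes, so encrypted files overwrite the clean copies in a plain mirror; what actually lets you recover is object versioning, which keeps earlier versions when an object is overwritten. The bucket class, the record contents, and the "ransomware" (an XOR keystream stand-in, not real malware) are all constructed for the demo, and the 6.0 bits-per-byte entropy threshold used to spot the encrypted writes is an assumption tuned to these plain-text inputs.

```python
"""Added example (editorial, not from the post or any commenter): a mirrored
cloud sync is not immune to ransomware, but a versioned store can roll back.
Every input is constructed; the 'encryptor' is a deterministic demo stand-in."""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Version:
    seq: int      # global write counter, orders versions across all objects
    data: bytes


class VersionedBucket:
    """Versioning-on store (S3/Azure Blob style): put appends, never replaces."""

    def __init__(self) -> None:
        self.objects: Dict[str, List[Version]] = {}
        self._seq = 0

    def put(self, key: str, data: bytes) -> int:
        self._seq += 1
        self.objects.setdefault(key, []).append(Version(self._seq, data))
        return self._seq

    def get(self, key: str) -> bytes:
        return self.objects[key][-1].data

    def restore_before(self, key: str, seq: int) -> bool:
        """Roll back to the newest version older than write `seq`; the restore
        is itself a new version so the audit trail is kept."""
        clean = [v for v in self.objects[key] if v.seq < seq]
        if not clean:
            return False
        self.put(key, clean[-1].data)
        return True


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: English text sits near 4-5, ciphertext approaches 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def simulated_ransomware(plaintext: bytes, key: bytes = b"constructed-demo-key") -> bytes:
    """Demo stand-in for the encryptor (XOR with a SHA-256 counter keystream);
    deterministic on purpose and NOT real malware or a real cipher design."""
    out = bytearray()
    for off in range(0, len(plaintext), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(plaintext[off:off + 32], block))
    return bytes(out)


def first_suspicious_seq(bucket: VersionedBucket, threshold: float = 6.0) -> Optional[int]:
    """Earliest write that looks encrypted. 6.0 bits/byte is an assumption tuned
    to plain-text records; PDFs or ZIPs would need a per-type baseline."""
    hits = [v.seq for vs in bucket.objects.values() for v in vs
            if shannon_entropy(v.data) > threshold]
    return min(hits) if hits else None


def recover(bucket: VersionedBucket, threshold: float = 6.0) -> Dict[str, bool]:
    """Restore every object that currently looks encrypted to its last version
    before the earliest suspicious write."""
    cutoff = first_suspicious_seq(bucket, threshold)
    if cutoff is None:
        return {}
    return {k: bucket.restore_before(k, cutoff) for k in bucket.objects
            if shannon_entropy(bucket.get(k)) > threshold}


# Constructed stand-ins for court records; not real documents.
CONSTRUCTED_RECORDS: Dict[str, bytes] = {
    "handdown/2020-05-06.txt": b"Hand-down list, constructed sample. Cause numbers and "
    b"dispositions for the opinions released this week are listed below, followed by "
    b"orders on motions for rehearing and notices of submission for the coming term.",
    "orders/sample-order.txt": b"Order, constructed sample. The motion for extension of "
    b"time to file the brief is granted in part; appellant's brief is due thirty days "
    b"from the date of this order, and no further extensions will be granted.",
}


def run_demo() -> Dict[str, object]:
    mirror: Dict[str, bytes] = {}          # what a plain file-sync client gives you
    versioned = VersionedBucket()
    for key, data in CONSTRUCTED_RECORDS.items():
        mirror[key] = data
        versioned.put(key, data)
    # A legitimate edit before the attack: a restore must land here, not on the upload.
    edited = CONSTRUCTED_RECORDS["orders/sample-order.txt"] + b" Signed by the clerk."
    mirror["orders/sample-order.txt"] = edited
    versioned.put("orders/sample-order.txt", edited)
    expected = {**CONSTRUCTED_RECORDS, "orders/sample-order.txt": edited}
    # Endpoint compromise: every file is rewritten, and the sync client pushes the
    # encrypted copies up exactly as it would any other change.
    for key, data in expected.items():
        mirror[key] = simulated_ransomware(data)
        versioned.put(key, simulated_ransomware(data))
    restored = recover(versioned)
    return {"mirror_lost": sum(mirror[k] != d for k, d in expected.items()),
            "versioned_recovered": all(versioned.get(k) == d for k, d in expected.items()),
            "restored": restored}
```

Calling `run_demo()` reports that the mirror lost both records while the versioned store recovered both, including the post-upload edit. Two caveats a practitioner would add: versioning only helps if the attacker cannot purge old versions (retention locks, MFA delete, or a backup copy under credentials the endpoint never holds), and an entropy heuristic is a coarse indicator that should be paired with write-rate monitoring, since some legitimate files (archives, PDFs with embedded images) are already high-entropy.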

Anonymous said...

I will take cloud security set up by security professionals over the security set up by the same guy who programs, implements, and fixes the printer (no offense to that guy, it's not an easy job)!

Anonymous said...

Any operating system that even makes it possible for software to be installed and executed without the knowledge and affirmative commission of admin/user should not be running on government agency computers in the FIRST PLACE.

From this point forward, the Courts' continuing with Windows desktops is the same as refusing to learn anything. They can keep their .NET/AWS/whatever network infrastructure if they love it so much, and they feel the expenditures for vigilance are worth it, but obviously from these calamities it's the *users* that must be brought to heel, and *for that reason* - in ANY government agency or finance-/mission-critical corporate IT - nothing with Microsoft's or Apple's names on it will do.

Fun fact: the only Linux antivirus programs available are built specifically for Apache and other web services platforms that make for juicy targets, not for desktops. It's not that Linux worms don't exist, they're just so rare and ineffective (and most require *physical presence* at the machine in order to plant) that it's not even worth making an antivirus client for production desktops. For comedy gold, ask AVG or McAfee for a Linux client, and see what they say. You'll not find safe harbor from malicious state actors by predicating on a *NIX platform, but at least the grifting script kiddies can't raid your pantries, and that kind of protection would have been pretty valuable in these cases, wouldn't it?

How much of our tax-paid resources will further enrich Marley & Scrooge, and with no quantifiable benefit to taxpayers, before these malware episodes finally make this point with Fed/State/Local for me? That the Void loves me is hardly a surprise considering how much time I've spent shouting into it about this.

Anonymous said...

P.S.: I'm not really a Linux evangelist, but I WILL tell you when you're wrong for running Windows. Configure your network properly and it shouldn't matter which OS your end clients are running - and those clients should not have Outlook on them, the likeliest vector that took down the Courts.