Cyberattack on Pennsylvania courts didn't appear to compromise data, officials say

HARRISBURG, Pa. (AP) — A weekend cyberattack on the website of Pennsylvania's state courts agency disabled some online systems but did not appear to compromise any data and didn't stop the courts from opening Monday, officials said.

Various county court clerks said their offices were operating smoothly, despite the disruptions to some online portals and services.

The federal government's lead cybersecurity agency, the U.S. Department of Homeland Security and the FBI were investigating the attack on the Administrative Office of Pennsylvania Courts, state Supreme Court Chief Justice Debra Todd said in a statement.

Todd called it a “denial of service” cyberattack, using the federal government’s description for when attackers “flood the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users.”

The attack comes a few months after Kansas' judicial branch was the victim of what it called a " sophisticated cyberattack," from which it took months and millions of dollars to recover. That attack was blamed on a Russia-based group.

Major tech companies Google Cloud, Microsoft and Amazon Web Services have been hit by such attacks in recent years, as have financial institutions. In 2022, some U.S. airport sites were hit. Some of the biggest attacks have been attributed to Russian or Chinese hackers.

Neither the courts agency nor the federal cybersecurity agency, called the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, immediately identified the attackers or a motive.

The agencies also did not say whether the courts' cybersecurity measures had worked as designed or whether the attackers demanded money or a ransom.

In a statement, CISA's executive assistant director, Eric Goldstein, said the agency is in touch with Pennsylvania court officials and will provide assistance.

Among the disabled systems were online docket sheets and an electronic case document filing portal. Court officials said they were still taking paper court filings by paper and by mail. On Monday evening, the courts office said those systems had been restored, although they still appeared to be disabled on the courts' website.

Jack Danahy, a vice president of cybersecurity firm NuHarbor Security in Vermont, said denial-of-service hackers are typically seeking money, although such attacks are harder to profit from because networking experts have ways of defusing them by diverting the flood of internet traffic.

Such attacks are often traced back to state-backed actors, but they are also relatively easy for smaller hackers to mount, Danahy said.

The attackers can find ways of hiding their identity and can use a denial-of-service attack to mask an underlying attack, such as a ransomware attack, Danahy said.

Alexander Leslie, an analyst with the cybersecurity firm Recorded Future, said some denial-of-service tools are open-source, featuring software whose code is publicly accessible, while others are available to criminals for premium fees.

Some denial-of-service attacks are distributed, meaning they can use thousands or millions of devices to barrage a website. That can make it difficult to pinpoint a culprit or motive, absent a public claim of responsibility, Leslie said.

In Kansas, the state’s court system started bringing its computerized case management system back online two months after the October cyberattack that forced it to shut it down, along with public access to documents and other systems.

Last month, Kansas' top judicial official told lawmakers that the state's court system needed at least $2.6 million in additional money to cover the costs of bringing multiple computer systems back online, pay vendors, improve cybersecurity and hire three additional cybersecurity officials.

The hackers stole data and threatened to post it on a dark website if its demands were not met, officials said. Judicial branch officials have not spelled out the attackers’ demands, but said that no ransom was paid.

___

Follow Marc Levy at www.twitter.com/timelywriter.