Los Angeles Superior Court Shuttered by Ransomware Attack

Date: July 23, 2024

The Los Angeles Superior Court, the largest unified trial court in the U.S., was closed on Monday following a ransomware attack that affected its systems last week.  

Detected on Friday, the attack led to the shutdown of all 36 courthouse locations in the county as court personnel and security experts worked to repair the severely impacted network systems.  

The court's website remained partially offline, and the attackers have not been identified. A spokesperson mentioned that operations are expected to resume on Tuesday. Affected systems included the jury duty portal and internal case management functions.

"Every electronic platform containing court data was rendered inaccessible as was any device that was connected to the internet, including the Court's telephone systems," Reuters reported a court official as stating.

Takeaway: Hospitals nationwide are having to cancel medical procedures and divert ambulances to alternative facilities. Our schools face closures due to ransomware attacks as frequently as they do for inclement weather. The court systems have emerged as another critical vulnerability.

State and local governments are increasingly experiencing disruptions to essential services from ransomware attacks, with instances severe enough to prompt emergency declarations, such as the recent case in Clay County, Indiana.

These disruptions starkly highlight the inadequacy of our current response to ransomware attacks.

While law enforcement actions and government sanctions against ransomware operators are necessary, they are insufficient. Even if individual threat actors are arrested or operations are disrupted, replacements quickly emerge.  

Despite some arrests of low-level affiliates in the ransomware ecosystem, law enforcement efforts have done little to disrupt ransomware activity overall.

A critical issue that is not receiving enough attention is the dual nature of many modern ransomware attacks. These attacks are not only highly profitable for the perpetrators but also advance the geopolitical interests of adversarial nations like Russia.  

This is particularly alarming as we approach a contentious election season. We must prepare for the possibility that even a few isolated disruptions could generate widespread fear, uncertainty, and doubt.  

Ransomware operators aim to maximize pain, frustration, and publicity because it drives their revenue. However, attacks like those we are seeing today suggest motivations beyond financial gain, potentially serving geopolitical objectives.

It is imperative that the U.S. government reclassify a significant portion of ransomware attacks as threats to national security. These attacks are no longer merely criminal matters, particularly when they target healthcare providers, utilities, or systems managing our elections and other critical infrastructure.

There must be severe consequences not only for the individuals orchestrating these attacks and profiting from them but also for the nation-states benefiting geopolitically. Without meaningful repercussions, these attackers will continue to act with impunity, and the severity of the fallout from these attacks will escalate.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.