The Superior Court of Los Angeles County closed all courthouse locations on July 22, 2024, in response to a ransomware attack. Thirty-six courthouses were shut down to restore systems after the attack.
“Unfortunately, bad actors in the ransomware space don't care about what types of organizations they attack,” comments Erich Kron, Security Awareness Advocate at KnowBe4. “The judicial system is an extremely critical part of the American government, and interruptions and disruptions to the system can have a very negative impact on the public and legal community as a whole. Government entities often have extremely limited budgets for things like cybersecurity and IT services, leaving them vulnerable to very skilled adversaries. This attack, happening alongside the largest global IT outage recorded, placed a significant amount of stress on IT and cybersecurity resources, likely making response even more difficult than usual.”
The statement provided by the court affirms the court's intentions to secure sensitive data; however, it does not reveal whether or not any information was exposed due to the attack.
“A component of modern ransomware attacks is often the exfiltration of data,” Kron says, “meaning there’s a good chance that sensitive information will be at risk after this attack.”
The court has given assurances that it is moving toward recovery.
Kron states, “Protecting against these attacks can be a challenge with such a limited budget, so they must focus on the biggest threats and one of the most cost-effective ways to mitigate them. Because most cyberattacks, including ransomware, start with a social engineering attack, these organizations should focus on employee education and fostering a strong security culture. Employees should be encouraged to learn to spot and report suspected social engineering attacks as quickly as possible. Teaching employees the importance of not reusing passwords across different systems is also a key component to counter credential stuffing attacks that may result from massive data dumps such as the recent RockYou2024 credential dump that included over 10 billion credential pairs.”