TOPEKA, Kan. (AP) — Kansas officials are calling a massive computer outage that’s kept most of the state’s courts offline for two weeks a “security incident” and, while they had not provided an explanation as of Wednesday, experts say it has all the hallmarks of a ransomware attack.
The disruption has left attorneys unable to search online records and forced them to file motions the old fashioned way — on paper. Courts are limping along, although the growing piles of paper are a mess that will have to be sorted and scanned eventually.
“It’s really just slowed the whole system down,” said Chris Joseph, a Lawrence-based criminal defense attorney.
Since 2019, ransomware groups have targeted 18 state, city or municipal court systems, said analyst Allan Liska of the cybersecurity firm Recorded Future. That includes one in Dallas, where some jury trials had to be canceled this year.
But state-focused attacks have been much less frequent, and have not yet rivaled what is happening in Kansas.
“We are treating this matter with the highest priority,” Lisa Taylor, the Judicial Branch’s spokesperson, said in an email Wednesday.
Liska noted Tuesday that a short-lived attack in 2019 in Georgia shut down some court websites and forced some court dates to be rescheduled. A cybersecurity threat forced Alaska’s courts offline for about a week in 2021. Texas’ top criminal and civil courts were hit with a ransomware attack in 2020 but the filing system remained operational and trial courts weren’t affected.
In Kansas, the first sign of trouble came on Oct. 12 when the state’s Judicial Branch announced a pause in electronic filings because of a “security incident.” The details released since have been sparse.
Taylor said only that an investigation is ongoing in response to questions of whether the courts had determined that this was a malicious attack, whether there’s been a demand for a ransom or when the systems will be back up. The court system has set up a website dealing with the incident, and Taylor said its officials will cooperate with any law enforcement investigation.
The Kansas Bureau of Investigation said only that is is “engaged” in examining the problems, along with “federal partners,” said spokesperson Melissa Underwood.
No ransomware group has come forward to claim credit for the prolonged outage, analysts said. But Liska said it is “highly unlikely” that this is anything but a ransomware attack.
“The fact that they’re calling it a cyber incident says that it’s nefarious,” Liska said.
Notably spared was Johnson County in the Kansas City area, the state’s most populous county. It operates its own computer systems and had not yet switched over to the state’s new online court system.
The effort to switch to a single, statewide system for tracking and managing cases started in 2018 under a 10-year, $11.5 million contract with Dallas-based Tyler Technologies. Tyler, which has similar contracts in around a dozen other states, referred questions to state court officials.
States have been moving toward statewide systems for more than a decades. On the security front, there are pros and cons, said analyst Brett Callow of the cybersecurity firm Emsisoft.
