author photo
By Clare O’Gara
Wed | May 13, 2020 | 1:59 PM PDT

You know what they say: everything is bigger in Texas. Including the ransomware attacks.

Hackers hit Texas court system

When hacking an organization in Texas, why not make it an entire branch of government?

That was the logic used by cybercriminals in early May, when they took to the technology provider for the Texas Judicial Branch.

The state avoided disclosing specifics of the attack in its announcement, but explained how the court is responding:

"Immediately upon discovery, the Office of Court Administration (OCA) IT staff disabled the branch network including websites and servers to prevent further harm. The network has remained disabled since this time and will continue to do so until the breach is remediated.

In the meantime, a temporary web site has been established with critical judicial branch information, including information concerning the COVID-19 pandemic."

It also reassured that judicial branch employees recently received updated cybersecurity training, and will continue to do so as things evolve.

On the bright side, it looks like the impact of this breach is fairly minimal.

"At this time, there is no indication that any sensitive information, including personal information, was compromised. Additionally, due to the structure of the IT function within the state judiciary, individual trial court networks throughout the state were unaffected by the cyberattack."

The statement excluded information about the exact kind of ransomware that struck the system and the price that the hackers were asking for.

Ransomware attacks: to pay or not to pay?

When it comes to ransomware, the Texas judicial branch got lucky.

"OCA was able to catch the ransomware and limit its impact and will not pay any ransom. Work continues to bring all judicial branch resources and entities back online."

Texas officials get to avoid making a tricky, and widely-debated, decision in cybersecurity: when grappling with ransomware, do you pay the ransom?

It's a difficult choice to make, and it is full of risk. SecureWorld has covered the question before.

Proofpoint researchers found that nearly 70% of organizations successfully got their data back following a ransomware payment—the decryption keys worked.

But that's where the story grows dark. Look at what happened to the other 30% of those who paid a ransom:

  • 22% paid the ransom and never got access to their data.
  • 10% paid the ransom and then hackers demanded a second ransom from their organization.
  • Some organizations paid the secondary ransom demand and generally gained access to their data.
  • Most organizations in this position walked away with nothing at this point, refusing to pay a secondary ransom.

This data reveals that negotiating with hackers is a roll of the dice. 

In this case, it appears the Texas judicial system caught the attack early enough to avoid this dilemma.

Tags: Ransomware,