The Los Angeles County Superior Court, the biggest trial court in the country, remained closed Monday as it sought to recover from a ransomware attack on its computer systems, officials said.
The attack was detected Friday and doesn’t appear to be related to the CrowdStrike software update that paralyzed Windows computers around the world and affected governments, airlines and other agencies last week, court officials said in a Sunday news release.
This closure affected all 36 courthouses in the county, but the court issued a statement Monday afternoon, announcing that all 36 courthouses will reopen Tuesday. The statement included directions for some potential jurors who were summoned for jury duty but also warned that “court users should expect delays and potential impacts due to limits in functionality.
The affected court systems span the My Jury Duty Portal for jurors and the court’s website, as well as the court’s case management systems. A preliminary investigation showed no evidence that court users’ data were compromised, officials said.
Ransomware, a type of malware, encrypts computer data and prevents files, systems or entire networks from being accessed. Cybercriminals will often steal data and cripple the affected computer system until a ransom, which may range from thousands to millions of dollars, is paid, experts say.
Last year, the Internet Crime Complaint Center received 2,825 reports of ransomware attacks across the United States, resulting in losses of more than $59.6 million. Healthcare and public health operations, critical manufacturing and government facilities were the sectors most affected, according to an FBI report.
Typically, ransomware infects computers after someone clicks on a malicious link in an email or visits a website that contains the malware. In some cases, though not frequently, hackers can exploit a “zero day vulnerability,” or a weakness in a system that hasn’t been patched, to gain access.
“Ransomware is so frustrating to cybersecurity professionals because it’s the most preventable type of attack,” said H. Bryan Cunningham, executive director of the UC Irvine Cybersecurity Policy and Research Institute.
“All you really have to do to insulate yourself from a successful ransomware attack is have a fully encrypted, frequent backup of your data where the backup is not connected to the internet when you do it,” Cunningham said, noting that these backups can be done on a separate hard drive or a cloud service.
A team of consultants, vendors and law enforcement officials has been trying to get the court systems working again, but some were still inaccessible as of Sunday, officials said.
Court officials declined to answer questions about how the attackers got control of the systems, whether the county paid a ransom, what confidential information, if any, was exposed or whether any data was lost. The L.A. County district attorney’s office referred questions to Superior Court officials.
This isn’t the first time a U.S. court system has been affected by a ransomware attack. In Fulton County, Ga., a ransomware attack in January upended court operations and other county services. Officials were grappling with the fallout for months.
Although many governments and industries have taken steps to prevent this type of attack, hacking isn’t going to dissipate over time, said Steve Garrison, senior vice president of marketing at Stellar Cyber, a cybersecurity firm.
“You can’t spend your way out of this,” he said. “Even if you spend infinite money you can still have risk because hackers take pride in finding the best way to get in, even if they think you’re well protected. That’s just human nature. We have to be aware of it every day.”
The Los Angeles County Sheriff’s Department said in a statement that no inmates would be transported to court Monday because of the closure. However, the court disruption “does not affect the release date of an individual who has been sentenced and is scheduled for release that day,” the department said.
On the other hand, county officials said, there may be delays getting orders for releases from juvenile hall and transferring people to programs.
Evictions and move-out orders were suspended for the day, according to the Sheriff’s Department.
The attack didn’t affect the L.A. County public defender’s office, the agency said in a news release, adding that it’s communicating with the Superior Court “to ensure the protection of our clients’ rights.”
Public defender offices were open Monday and attorneys remained available to provide legal counsel.
“The right to a speedy trial is a cornerstone of justice, and this remains our priority,” the office said in the release. “We are actively monitoring the impact of the attack on court schedules and will take all necessary legal steps to protect our clients’ constitutional and statutory rights.”
The public defender’s office will also be prioritizing expedited release process for eligible clients.
Emergency matters, such as warrants and removal orders, were set to be addressed by the Department of Children and Family Services’ court magistrate, officials said. Transportation for children scheduled to appear Monday was canceled.
Child support hearings scheduled for Monday didn’t go forward as scheduled because of the closure, and participants were to be notified of their new court date. Filings were also not accepted Monday because of the closure.
There could also be delays in conservatorship proceedings and CARE Court services for the Department of Mental Health, officials said.