Texas Judiciary Attacked by Ransomware

The Office of Court Administration (OCA) informed members of the judiciary late last night that the IT provider for the courts identified a ransomware attack. Below is a statement from OCA:

On Friday, May 8th, the Office of Court Administration (OCA), the information technology (IT) provider for the appellate courts and state judicial agencies within the Texas Judicial Branch, identified a serious
security event in the branch network, which was later determined to be a ransomware attack. The attack began during the overnight hours and was first discovered in the early morning hours on Friday. The attack is unrelated to the courts’ migration to remote hearings amid the coronavirus pandemic.

Immediately upon discovery, OCA IT staff disabled the branch network including websites and servers to prevent further harm. The network has remained disabled since this time and will continue to do so until the breach is remediated. OCA is working with law enforcement and the Texas Department of Information Resources (DIR) to investigate the breach. DIR and other information security authorities are providing assistance to OCA with recovery support. OCA was able to catch the ransomware and limit its impact and will not pay any ransom. Work continues to bring all judicial branch resources and entities back online. In the meantime, a temporary web site has been established with critical judicial branch information, including information concerning the COVID-19 pandemic.

In recent years, the majority of the Texas Judicial Branch entities supported by OCA have moved many IT functions to the cloud. These services have not been impacted by the attack. These cloud services include eFileTexas (for filing of documents), reSearchTX (for reviewing filed documents), collaboration tools for editing and sharing documents, and email. This action will permit many of the courts and judicial branch agencies to continue operations and ensure that filing of documents can continue uninterrupted. At this time, there is no indication that any sensitive information, including personal information, was compromised. Additionally, due to the structure of the IT function within the state judiciary, individual trial court networks throughout the state were unaffected by the cyberattack.

Judicial branch employees supported by OCA have received training in cybersecurity in recent weeks and will continue to receive updated training.

Due to the ongoing nature of the investigation, remediation, and recovery, OCA will not comment further until additional information is available for public release.

Thank you for your patience as OCA works to remedy this situation.

Media Contact:
Megan Lavoie, OCA Director of Public Affairs

About: Will Trevino

Will has over 10 years of experience working with municipal governments. He previously worked for the Fort Worth City Attorney’s Office for five years where he advised on election law, municipal procurement, Human Resource matters, the City’s Minority Business Enterprise Division, open meetings, public information, and prosecuted Class C misdemeanor violations of the Texas Penal Code, Texas Transportation Code and Fort Worth City Code. Will has drafted ordinances relating to sexually oriented businesses, zoning, subdivision, building code, special events, smoking regulations, franchise agreements, solicitation, and rights-of-way. Will has additional experience working in municipal government where he served for over 5 years in various roles, including chief of staff and district director, to several council members in Houston and Fort Worth. He is currently the City Attorney for the Cities of Clarksville, Whitney and Bartlett. Will is also involved in all aspects of municipal service to Messer, Fort & McDonald’s clients in Austin and Frisco, including municipal court prosecution. Above all, Will has a passion for advising clients on cybersecurity matters.