Texas Courts hit by ransomware, network disabled to limit spread

CyberTech

Nov 10, 2017
The Texas court system was hit by ransomware on Friday night, May 8th, which led to the branch network, including websites and servers, being disabled to block the malware from spreading to other systems.

"On Friday, May 8th, the Office of Court Administration (OCA), the information technology (IT) provider for the appellate courts and state judicial agencies within the Texas Judicial Branch, identified a serious security event in the branch network, which was later determined to be a ransomware attack," a statement published today on the site of the Texas Judicial Branch says.

"The attack began during the overnight hours and was first discovered in the early morning hours on Friday. The attack is unrelated to the courts’ migration to remote hearings amid the coronavirus pandemic."

MacDefender

Oct 13, 2019
This and the Pitney Bowes incident both make me wonder if from a network perspective it might start helping to have aggressive outbound filtering on clients. The encrypting part of ransomware is not as scary, in my opinion, because if you have a backup strategy you just lose a little bit of downtime to restore from backup.

The "uploading all your data" aspect of ransomware is definitely the new form of ransom, and a lot of businesses/organizations have more to lose from public leaks than from losing their data or a few days of productivity.

It seems like we need either HIPS or a firewall-level sanity check for clients that have been uploading more data than they usually do, and have that be an indicator of compromise.

This is kind of interesting because back in the late '90s and early 2000s, firewalls all focused on outbound application control. ZoneAlarm led that pack and was quite infamous for all of the prompting dialogs every time a new application wanted to use the Internet. Over the course of the decades, it seems like almost every AV suite either completely dropped their outbound firewall or made a bunch of default-allow rules based on reputation or digital signature lookups. This might be the way it bites us now....
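An added example (not from MacDefender's post or from MalwareTips) of the egress-volume sanity check described above: per-host daily outbound byte counts from constructed flow rollups are compared against each host's own baseline, with an absolute floor so a backup server's normally large volume and a workstation's small spike do not fire. Host names, dates and byte counts are all constructed.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: (day, host, outbound_bytes) as a per-day egress rollup
# from a hypothetical flow collector. Not taken from any real network.
FLOW_ROLLUP = [
    # ws-017: quiet workstation that suddenly pushes ~2.4 GB out on the last day
    ("2020-05-03", "ws-017", 61_000_000), ("2020-05-04", "ws-017", 74_000_000),
    ("2020-05-05", "ws-017", 58_000_000), ("2020-05-06", "ws-017", 66_000_000),
    ("2020-05-07", "ws-017", 70_000_000), ("2020-05-08", "ws-017", 2_400_000_000),
    # backup-01: always large, so a high absolute number is normal for it
    ("2020-05-03", "backup-01", 900_000_000), ("2020-05-04", "backup-01", 950_000_000),
    ("2020-05-05", "backup-01", 910_000_000), ("2020-05-06", "backup-01", 980_000_000),
    ("2020-05-07", "backup-01", 920_000_000), ("2020-05-08", "backup-01", 1_000_000_000),
    # ws-042: small spike (e.g. a video call) that stays under the absolute floor
    ("2020-05-03", "ws-042", 40_000_000), ("2020-05-04", "ws-042", 42_000_000),
    ("2020-05-05", "ws-042", 39_000_000), ("2020-05-06", "ws-042", 41_000_000),
    ("2020-05-07", "ws-042", 40_000_000), ("2020-05-08", "ws-042", 150_000_000),
]

def egress_by_host(rollup):
    """Group daily outbound byte counts per host, in date order."""
    per_host = defaultdict(list)
    for day, host, nbytes in sorted(rollup):
        per_host[host].append((day, nbytes))
    return per_host

def flag_egress_anomalies(rollup, ratio=5.0, min_bytes=500_000_000, min_history=3):
    """Flag hosts whose latest day's egress exceeds `ratio` times their own
    historical daily mean AND the absolute floor `min_bytes`. Hosts with fewer
    than `min_history` prior days have no usable baseline and are skipped."""
    alerts = []
    for host, series in egress_by_host(rollup).items():
        if len(series) <= min_history:
            continue
        history = [n for _, n in series[:-1]]   # all days except the latest
        day, latest = series[-1]
        baseline = mean(history)
        if latest >= min_bytes and latest > ratio * baseline:
            alerts.append({"host": host, "day": day, "bytes": latest,
                           "baseline": round(baseline),
                           "ratio": round(latest / baseline, 1)})
    return sorted(alerts, key=lambda a: a["ratio"], reverse=True)

if __name__ == "__main__":
    for a in flag_egress_anomalies(FLOW_ROLLUP):
        print(f"{a['day']} {a['host']}: {a['bytes']:,} B out, "
              f"{a['ratio']}x its baseline of {a['baseline']:,} B/day")
```

Only ws-017 is reported; tuning `ratio` and `min_bytes` per host class (workstation vs. server) is what keeps this usable as an indicator rather than a noise source.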
