US Court Documents Published in Ransomware Attack

Cyber-criminals who launched a ransomware attack on a US court have published what they claim are stolen court documents online. 

Attackers claim to have successfully targeted the Fourth Judicial District Court of Louisiana with a ransomware strain known as Conti, first detected in the wild in December 2019. The malware has been observed to use the same ransom note deployed by the Ryuk crypto-malware family, and code similarities have been spotted between the two ransomware strains. 

Alleged proof of the attack was published on the dark web this week. Those claiming responsibility for the crime have uploaded what appear to be court documents exfiltrated in the incident. 

Among the allegedly swiped documents are responsive verdicts for a second-degree kidnapping, an armed robbery, and a case of aggravated rape. Other documents appear to relate to excuses given by jurors and a meeting of judges.

The website of the Fourth Judicial District Court of Louisiana, 4jdc.com, is currently offline. The court covers Ouachita Parish and Morehouse Parish and is one of the state's 42 judicial districts. Cases handled by the court include civil, criminal, and juvenile cases, which are typically heard in Monroe and Bastrop.

Details of how big a ransom the attackers are demanding have not been revealed. 

Ransomware attacks are nothing new in the Pelican State. In December 2019, an attack of this nature was carried out against Louisiana educational establishment Baton Rouge Community College. The incident occurred just two days before a planned commencement ceremony at the college. 

A month earlier, a major ransomware attack on Louisiana state IT infrastructure forced multiple services offline, including government websites, email, and internal applications.

In July of 2019, the governor of Louisiana declared a state of emergency after ransomware attacks knocked out IT systems in three school districts. 

"This situation highlights how every organization possesses valuable data that threat actors can hold for ransom and paralyze operations," commented Hank Schless, senior manager of security solutions at Lookout.

Mulling over how the attack may have unfolded, Schless added: "An advanced hacking group like the one behind Conti would likely use social engineering to convince a target employee to download a document or file to their device."