Image: Kansas Supreme Court Chief Justice Marla Luckert delivers the State of the Judiciary speech on January 11, 2024. Credit: Kansas Courts via Flickr

Recovery from cyberattack ‘on the horizon,’ Kansas Supreme Court chief justice says

The Kansas state court system is close to a full recovery from an October ransomware attack that forced officials to use paper records for weeks, state Supreme Court Chief Justice Marla Luckert said Wednesday.

During a State of the Judiciary speech in front of the Kansas legislature, Luckert spoke at length about the incident, telling lawmakers that a ransomware gang based in Russia carried out the attack, which was first discovered early on October 12.

“In doing so, they attacked one of our democratic institutions, a foundation of our democratic society, one of the three branches of our government,” she said.

“These criminals acted against all Kansans, our state and our democratic institutions. Though the source and the scope of that incident was not immediately apparent, we would later learn that the Kansas judicial branch had been struck by a ransomware attack.”

The incident severely limited the daily operations of the state’s appellate and district courts in 104 counties.

The court system has now implemented new protections that officials believe will “limit damage” and allow them to recover more quickly if another ransomware attack occurs.

As of this week, the case management system has been restored alongside the free public portal that provides access to electronic court records.

Electronic filing has been restored in some districts, and the rest will be back to normal over the next two weeks.

Luckert believes that full functioning of all systems is “on the near horizon.”

Slow progress

During the speech, Luckert explained that the court’s information services team began to investigate a network outage on October 12 and discovered that several servers housed in the Kansas Judicial Center were inaccessible.

These servers are used for key operations of administrative offices, district courts and appellate courts. In order to stop the unnamed ransomware gang from moving laterally within the system, they disconnected it and shut down much of the system.

Law enforcement and cybersecurity emergency responders were called in to help the state’s chief information technology officer with the recovery.

On the advice of state officials, law enforcement and legislators, they decided against paying a ransom. In a post-speech interview with the Kansas Reflector, Luckert called the ransom demand a “moving target” and said it was still unclear how much the incident would cost the state. No ransomware gang has taken credit for the attack.

While they initially hoped for a “swift” recovery, experts informed them that they had to not only clean and restore the systems but also fortify them since victims are typically attacked more than once.

They did have working backups that made the recovery process a bit easier but “things have progressed more slowly than we would like because our top priority has been to protect Kansans,” she explained.

“The forensic examination confirmed the cybercriminals' claim that they had exfiltrated some data. We are working hard to determine what and whose personal information has been compromised by the criminal actors so that we can notify those individuals,” she said.

“As these and other details emerged, it became clear we needed to implement alternative business practices to keep courts running. Courts across the state reverted to old school methods, including paper filings. We communicated to the public about how we used the paper environment.”

Court officials previously said that the stolen information includes Office of Judicial Administration files, district court case records on appeal, and other data, “some of which may be confidential under law.”

The devastating attack on Kansas’ court system follows incidents faced by several other courts across the U.S.

Luckert thanked the IT officials who “sacrificed evenings, weekends, vacations, holiday time” to get the systems back up and running.

She noted that in the court’s budget request for fiscal year 2025, they have asked for funding to cover several new cybersecurity positions.

“I express my deep sorrow that Kansans suffered because these criminals attacked our system of justice,” she said. “But I thank my fellow Kansans for their support and their patience over the past several months.”


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.