Resource Center

Technological advancements in recent years have significantly changed the way businesses and other entities function. One such change is in access to and storage of data – data access and storage has mostly moved from a paper-based to an electronic format. Electronic access and storage of data has created many benefits for organizations, including convenience and increased operational efficiencies. Nevertheless, these benefits do not come without new risks.

Electronically-stored data can be accessed and modified from different locations by individuals who are authorized to access that data. However, if security measures are lacking or inadequate, unauthorized actors with nefarious purposes may also gain access to the data. Recently, ransomware attacks – or attacks using a type of malicious software designed to block access to a computer system until money is paid¹ – have increased in prevalence. According to the Federal Bureau of Investigation (FBI), an average of 4,000 ransomware attacks occur every day, a 300 percent increase from 2015.² These attacks have targeted various types of businesses and entities, including court systems and state and local governments.

What is Ransomware?

Ransomware is a form of malware that targets an organization’s critical data and systems for the purpose of extortion.³ Attackers use encryption to lock up a victim’s files, and then hold the files hostage until payment is made, typically in a hard-to-trace digital currency. Often, an attacker is able to encrypt all of the data on a network just by gaining access to one computer that is part of the network.

As of August 2019, a malicious software called “Ryuk” has quickly become the most common form of ransomware used in attacks. According to Coveware, a cybersecurity firm, Ryuk was used in roughly 24 percent of ransomware attacks in the second quarter of 2019.⁴

How Does a Ransomware Attack Happen?

The email then rapidly encrypts the files on the network. The cyber-attacker then sends a message to the user that the computer’s files, photos, databases, and other vital systems have been encrypted. The message includes a demand for ransom payable through a form of untraceable cryptocurrency before keys are provided to unencrypt the files and restore functionality.

Ryuk ransomware attacks are specifically designed to get deep into the systems of larger organizations and are often orchestrated using a multistep process that can take weeks. A Ryuk attack might start with a phishing email, providing attackers with the access needed to install software that can discretely collect information about the network and any necessary credentials. The attackers then use the acquired information to disable antivirus protections and install the Ryuk ransomware, locking the files and network.⁵

Options when Faced with a Ransomware Attack

An entity facing a ransomware attack generally has two options: 1) pay the ransom; or 2) try to restore access to the locked files without paying the ransom. According to Recorded Future, a cyber-threat intelligence company, only 17 percent of attacked cities pay the ransom set by the hackers.⁶ Paying the ransom is a risk as it may embolden the cyber-attackers to continue attacks on other entities and does not guarantee that the cyber-attackers will restore access to the files. In the alternative, refusing to pay the ransom and instead choosing to try to unencrypt the files often takes more time and costs more money. Some entities have been able to quickly recover from attacks by ensuring secure backup files are in place that can be used to restore access. Additionally, entities can purchase insurance that covers ransomware and other cyberattacks in order to provide themselves with some protection in the event of such an attack.

In July 2019, the U.S. Conference of Mayors -- an organization comprised of mayors representing cities with populations of 30,000 or more -- adopted a resolution opposing payment of any ransoms demanded through ransomware attacks.⁷ This follows the FBI’s recommendation that entities not pay ransoms demanded in ransomware attacks.⁸

Ransomware Attacks on Governments and Court Systems

State and local governments are particularly vulnerable to ransomware attacks because they may have inadequate IT resources and their IT systems tend to be older and outdated.^{9 10} Attacks on governments also tend to draw more attention because they can disrupt public services¹¹ Recorded Future reports that since 2013, there have been an estimated 169 ransomware attacks on state and local governments.¹² However, the exact number of attacks against governments is unknown because state and local governments do not always publicly report the attacks. Malwarebytes, a company that specializes in cybersecurity, reported that its government clients experienced seven times more ransomware attacks so far in 2019 than in all of 2018.¹³

In July 2019, Georgia’s Administrative Office of the Courts suffered a ransomware attack that affected the state’s municipal courts. In June 2019, Riviera Beach and Lake City in Florida were attacked and paid ransom demands of roughly $600,000 and $460,000, respectively.¹⁴ In May 2019, there was a ransomware attack in Baltimore, its second in two years.¹⁵ In March 2019, Jackson County, Georgia paid attackers $400,00 after a ransomware attack locked agencies out of almost all of their systems, including the sheriff’s office, which is responsible for criminal bookings.¹⁶Last year, a large ransomware attack in Atlanta shut down online city services, required police and courts to file paperwork manually, and forced the city to halt court proceedings. The attack cost the city’s taxpayers more than $9 million.¹⁷

Other jurisdictions and systems that have been attacked include, but are not limited to:

• Albany, New York;
• Cartersville, Georgia;
• Collierville, Tennessee;
• Connecticut Court System;
• Fisher County, Texas;
• Georgia State Patrol;
• Genesee County, Michigan;
• Greenville, North Carolina;
• Imperial County, California;
• LaPorte County, Indiana;
• Lynn, Massachusetts.

Ransomware’s Impact on Governments and Court Systems

The exact impact on governments and court systems varies depending on the systems affected by the ransomware and the security measures that are in place. For example, the Albany Policy Department was forced to write down incident and crime reports on paper during an attack. The Fisher County Sheriff’s Office lost the ability to connect to a Texas statewide law enforcement database.¹⁸

State and local governments can be affected for months or even longer during and after an attack. Atlanta reported that for three months after the attack, courts were still processing cases by hand. In Baltimore, the Mayor believes full recovery could take months after its ransomware attack in May.

Governments and court systems that follow the FBI’s security recommendations, including more frequent security-patch updates and secure backup files, have a better chance of stopping the attacks in the early stages.²⁰ When Collierville, Tennessee was hit with a Ryuk attack, the town was able to recover files from backup systems and rebuild necessary servers within a week.²¹ Imperial County, California was able to avoid a $1.2 million ransom demand by having secure backup data.²²

Similarly, Lubbock County was one of 23 local government systems in Texas hit by a ransomware attack on August 16, 2019.²³ When Lubbock County’s in-house director of technology and information systems received a call from a county employee claiming file icons on a computer screen were changing, the IT director immediately suspected malicious activity. The director instructed one of his staff to rush to the affected computer and take it off the network. “Within 40 minutes of witnessing the first signs of a ransomware attack, the threat was over.”²⁴ Lubbock County “appears to be the only one that successfully stopped the hackers, saving the county potentially hundreds of thousands of dollars and hours of work to repair computers and restore lost files.”²⁵ The Lubbock County IT department was lauded for catching the attack at such an early stage, with county officials pointing to the proper investment in infrastructure and the regular trainings the county’s roughly 1,500 employees receive on suspicious computer activity.²⁶

What This Means for Background Screening

It is impossible to predict when and where a ransomware attack will occur or the exact effect it will have. If a court system is affected by ransomware, it can cause court records to be inaccessible for an unknown period of time. Thus, employers who rely on court searches when screening applicants and employees should be aware that some of those searches could be delayed indefinitely if the court is hit with a ransomware attack and thus should plan accordingly.

If you have questions regarding availability of a particular court search, please contact your account manager or sales executive.

Download as PDF

¹2018 Internet Crime Complaint Center Annual Report, FEDERAL BUREAU OF INVESTIGATION, https://pdf.ic3.gov/2018_IC3Report.pdf.
²How to Protect Your Networks from Malware, U.S. FEDERAL AGENCIES, https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf/view?47.
³Id.
⁴Ransomware Amounts Rise 3x in Q2 as Ryuk & Sodinokibi Spread, COVEWARE, www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
⁵Jon Kamp & Scott Calvert, How Ransomware Attacks Are Forcing Big Payments From Cities, Counties, THE WALL STREET JOURNAL (July 25, 2019), www.wsj.com/articles/how-ransomware-attacks-are-forcing-big-payments-from-cities-counties-11564078222?mod=searchresults&page=1&pos=1.
⁶Joseph Marks, The Cybersecurity 202: Baltimore's slow recovery shows far-reaching consequences of ransomware, THE WASHINGTON POST (May 22, 2019), https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/05/22/the-cybersecurity-202-baltimore-s-slow-recovery-shows-far-reaching-consequences-of-ransomware/5ce4a910a7a0a46b92a3fd6d/?utm_term=.8e7aad08fb55.
⁷Jon Kamp, U.S. Mayors Unite Against Paying Ransom to Hackers, THE WALL STREET JOURNAL (July 10, 2019), www.wsj.com/articles/u-s-mayors-unite-against-paying-ransom-to-hackers-11562774950?mod=searchresults&page=1&pos=3; Opposing Payment To Ransomeware Attack Perpetrators, U.S. CONFERENCE OF MAYORS (July 2019), http://legacy.usmayors.org/resolutions/87th_Conference/proposedcommittee-preview.asp?committee=Criminal%20and%20Social%20Justice.
⁸Incidents of Ransomware on the Rise: Protect Yourself and your Organization, FEDERAL BUREAU OF INVESTIGATION (April 29, 2016), www.fbi.gov/news/stories/incidents-of-ransomware-on-the-rise/incidents-of-ransomware-on-the-rise.
⁹Ian Duncan & Colin Campbell, Baltimore City Government Computer Network Hit by Ransomware Attack, BALTIMORE SUN (June 30, 2019), www.baltimoresun.com/politics/bs-md-ci-it-outage-20190507-story.html.
¹⁰Marks, supra note 6.
¹¹Kamp & Calvert, supra note 5.
¹²Allan Liska, Early Findings: Review of State and Local Government Ransomware Attacks, RECORDED FUTURE (May 10, 2019), https://go.recordedfuture.com/hubfs/reports/cta-2019-0510.pdf.
¹³Talal Ansari, How One Texas County Stopped a Ransomware Attack, THE WALL STREET JOURNAL (Aug. 30, 2019), https://www.wsj.com/articles/how-one-texas-county-stopped-a-ransomware-attack-11567169059.
¹⁴CBS News, Georgia Court System Struck by Ransomware Attack, CBS INTERACTIVE INC. (July 2, 2019), www.cbsnews.com/news/georgia-court-system-attacked-by-hackers-using-ransomware-malware-software/.
¹⁵The first attack shut down the automated system that Baltimore emergency workers use to locate people who call 911 for assistance. See Emily Sullivan, Ransomware Cyberattacks Knock Baltimore's City Services Offline, NPR (May 21, 2019), www.npr.org/2019/05/21/725118702/ransomware-cyberattacks-on-baltimore-put-city-services-offline.
¹⁶Linn E. Freedman, Jackson County, Georgia Pays Hackers $400,000 After Ransomware Attack, THE NATIONAL LAW REVIEW (March 14, 2019), https://www.natlawreview.com/article/jackson-county-georgia-pays-hackers-400000-after-ransomware-attack.
¹⁷Marks, supra note 6.
¹⁸Kevin Collier, Crippling ransomware attacks targeting US cities on the rise, CNN (May 10, 2019), https://www.cnn.com/2019/05/10/politics/ransomware-attacks-us-cities/index.html.
¹⁹Ben Kochman, Ransomware Wave Has Cos., Gov'ts Scratching Their Heads, LAW360 (Sept. 9, 2019), https://www.law360.com/cybersecurity-privacy/articles/1194829/ransomware-wave-has-cos-gov-ts-scratching-their-heads.
²⁰Kamp & Calvert, supra note 5.
²¹Id.
²²Id.
²³Ansari, supra note 13
²⁴Id.
²⁵Id.
²⁶Id.

All Rights Reserved © 2019 Truescreen, Inc.
This document and/or presentation is provided as a service to our customers. Its contents are designed solely for informational purposes, and should not be inferred or understood as legal advice or binding case law, nor shared with any third parties. Persons in need of legal assistance should seek the advice of competent legal counsel. Although care has been taken in preparation of these materials, we cannot guarantee the accuracy, currency or completeness of the information contained within it. Anyone using this information does so at his or her own risk.