
Ransomware attack hamstrings three District Attorneys’ offices in NM • Source New Mexico


A ransomware attack impacted three local prosecutors’ offices around New Mexico earlier this week.

Wednesday morning, someone ran ransomware on servers in four offices connected to the Administrative Office of the District Attorneys (AODA), including the server for the consolidated statewide case management system (CMS), the network prosecutors and public defenders use to share court records.

In interviews with Source New Mexico, a spokesperson for the First Judicial District Attorney Mary Carmack-Altwies in Santa Fe and Ninth Judicial District Attorney Quentin Ray in Clovis said their offices were impacted by the attack.

A third prosecutor’s office, the Fifth Judicial District Attorney in Carlsbad, was also affected, according to Ray. A phone call seeking comment from Fifth DA Dianna Luce on Thursday was not returned.

Marcus Montoya, president of AODA and the elected Eighth Judicial District Attorney in Taos, said Thursday afternoon “we’re still triaging” which cases and hearings the attack impacted.

“Affected might mean different things, so how much is compromised is hard for me to say,” he said. “Maybe some districts might be a little more exposed than others, but for the most part, a majority of the data is protected and will be available.”

The attack left prosecutors unable to access the case management system, slowing their work and making it more tedious, Montoya said. Prosecutors and staff instead had to access a different server and move the files over to an external hard drive, which they carried into court, he said.

“It’s contained, and it’s ultimately not as bad as probably your traditional ransomware attack, so I think we’re in a good place,” Montoya said. 


Ray, the DA in Clovis, said those case files include any information about people accused of crimes, evidence in their cases, and prosecutors’ own case notes.

Some hearings had to be delayed, he said, “others we were able to MacGyver around.” Between 10% and 15% of the cases his office handles were affected on Thursday and Wednesday, Ray said.

First Judicial District Attorney spokesperson Nathan Lederman said on Thursday morning the prosecutors in Santa Fe were “experiencing issues with our case management system, as well as other internal systems.”

“This has resulted in an inability for our staff to work as they are normally accustomed,” Lederman said. “This is a widespread, ongoing issue which has affected multiple judicial districts.”

The FBI is investigating the attack, Montoya said. On Thursday afternoon, the FBI was still working to determine who was responsible, said Damion Bradford, AODA’s chief technology officer.

All fourteen district attorneys across New Mexico are elected officials. The AODA is a state agency that supports them, and manages most of their network security, Bradford said.

AODA started investigating the attack after Austin, Texas-based cybersecurity company CrowdStrike alerted them on Wednesday there was compromising activity on their network, he said.

A ransomware attack encrypts the target’s files so they become inaccessible, and leaves a file saying the target must pay a certain amount to release the encryption, according to Bradford.

“That’s pretty much the M.O., where they give you an ultimatum,” Bradford said. “There wasn’t an amount listed that I saw.”

No data was lost and no ransom was paid because the attack happened early in the morning on Wednesday before the workday started, and the AODA maintains a backup of all of its files, he said.

“By the time it was shut down, no work was going on, so there was no data loss,” he said. “Had it been effective, then yeah, that could have been a disastrous thing, because that would have affected the whole statewide system.”

Ransomware is only as effective as a given network’s data backup, Bradford said.

“Our plan is to always have backups because ransomware always is crippling if you’re not ready for it, and if you don’t have a backup, you’re pretty much dead in the water,” he said.

On Thursday afternoon, AODA installed a new database server and redirected network traffic to it, Bradford said.

The prosecutors’ networks recovered after 36 hours, Bradford said, and they expect to be fully functional by Friday morning.

“Compared to other offices and agencies nationwide, there’s some — hospitals, schools — that have been down for months,” he said. “I consider that a win to be able to recover so fast.”

Other state agencies take precautions

The prosecutors’ network shares data with the public defenders and the courts on a daily basis, Bradford said, but their systems are not compromised by the attack.

He explained that prosecutors and public defenders upload documents to the court system for discovery, and like in any cybersecurity event, an investigation must consider anywhere that may have been touched.

As a precaution, the Administrative Office of the Courts on Thursday afternoon temporarily suspended prosecutors’ access to court IT systems and platforms, according to spokesperson Barry Massey.

“This includes suspending access to SOPA, which is the online records system, and a platform that allows lawyers to electronically file court case documents,” he said. “These precautions will evolve as courts learn more about the district attorneys’ IT issues.”

As of 4:15 p.m. on Thursday, district attorneys would need to file court documents on paper or by fax, he said.

“That does not change how criminal cases are initiated because those have been filed on paper in courts rather than being filed electronically,” Massey said.

The Law Offices of the Public Defender took similar precautions Thursday. At 12:45 p.m., Deputy Chief Public Defender Jennifer Barela sent an email to public defenders across the state saying they cannot access the case management system and they should not download anything from it.

About an hour later, LOPD lifted those precautions, spokesperson Maggie Shepard said.

“Because we’re not uploading or sharing any new information currently, they can still access previous discovery as of (March 13), but obviously with everything still getting put back into place, there is nothing new being uploaded via our disclosure system,” Bradford said. “Ideally, if everything works as it should, we’ll be back up on that end tomorrow.”


