ALPHV/BlackCat ransomware group claims Northwest Florida courts cyber attack

As the First Judicial Circuit continues to battle their "security event" breach that crippled some of their administrative systems, the ALPHV/BlackCat ransomware group has claimed responsibility for the attack.

The First Circuit, which encompasses courthouses in Escambia, Santa Rosa, Okaloosa and Walton counties, first announced the attack Oct. 2, saying electronic court operations were impacted. Escambia's Clerk and Comptroller Pam Childers told the News Journal that the local administrative structure, which is tied to the Florida Supreme Court's Office of the State Courts Administrator (OSCA), was breached during the incident.

The communications team for global cybersecurity company Heimdal Security, which provides cloud-based cybersecurity solutions, reported that ALPHV claimed the attack on their data leak page. The ransomware group claims to have access to Social Security numbers of employees and a detailed map of the court's systems.


John Miller, the chief judge of the First Judicial Circuit, told the News Journal that their internal investigation has not verified if personal information was breached in the cyber attack.

"I am very pleased with our progress, and a lot of that is thanks to our outstanding IT team," Miller said. "Our clerks of court in these four counties have gone above and beyond what's required of them to help us have access to our court files and keep us operational."

Miller could not confirm or deny whether ALPHV/BlackCat caused the attack.

What is a ransomware attack?

According to Elizabeth Rasnick, associate professor with UWF's Center for Cybersecurity, a ransomware attack is when a person gains access to a system's data and then encrypts it to lock out the owner of the system and data.

"In order for (the system owner) to get access back, they would have to pay a ransom," she told the News Journal. "There's some type of ransom note, usually an email, that says, 'Hey, we've locked down your data, and it's going to cost this much to get it back.'"

Outside of paying the ransom, Rasnick says system owners could restore their data if they have a backup stored. If they don't have a backup, then they must either go through the painstaking process of "piecemealing" the data together from outside sources or beginning from scratch.

Miller could not confirm or deny to the News Journal whether the courts have a backup system in place.


What is the ALPHV/BlackCat ransomware group?

The ALPHV group is thought to be a rebranding of the DarkSide/BlackMatter ransomware group that rose to global prominence after its cyber attack on Colonial Pipeline in 2021, according to the FBI's Internet Crime Complaint Center (IC3).

In April 2022, IC3 reported that ALPHV/BlackCat was the first ransomware group to successfully compromise 60 entities worldwide using the programming language Rust.

The group typically leverages previously compromised user credentials to gain initial access to victim systems, according to IC3, and infect them with malware.

Once the malware is in place, it will configure "malicious Group Policy Objects" to deploy ransomware throughout the system, disabling security features.

How are the Northwest Florida court systems impacted?

According to the Florida Courts website, OSCA was created in 1972 to serve the state's chief justice and carry out the justice's responsibilities as chief administrative officer, including the 20 circuit courts throughout the state. Each circuit has a local administrative structure that is presided over by that circuit's chief judge.

Childers told Escambia County commissioners during a meeting that her office, which houses the court's documentation, was not impacted by the breach.

"With the breach that happened with the courts, it had nothing to do with the clerk and comptroller's office," she said. "Any comptroller data, payroll, what have you is not compromised."

The News Journal asked Florida Supreme Court Public Information Officer Paul Flemming if the Supreme Court is aware of any personal information breaches as a result of the incident.

"It's possible," he told the News Journal. "We don't think at this time that happened.

"Our first concern is the security of the data, and a close second is the ongoing administration of justice and operation of the courts," Flemming added. "At this point, we don't have any information that there is a breach in any personal information, but that's what our first line of concern is and what is being addressed by the First Circuit and by the OSCA."

Shortly after the attack was announced, Escambia judges and attorneys made reference to the "breach" or "hacking," and judges have mentioned they do not have access to certain electronic capabilities as a result.

Stenographers have also been brought in to record proceedings that are typically recorded by the courts' audio system, CourtSmart, which the breach has incapacitated.

Trial Court Administrator Kasey Watson says the attack will "significantly affect court operations."

This article originally appeared on Pensacola News Journal: ALPHV/BlackCat claim cyber attack on Escambia, Santa Rosa courts
