[BreachExchange] Philly courts website is finally back after ‘not Russian’ virus attack

Destry Winant destry at riskbasedsecurity.com
Thu Jun 27 01:01:15 EDT 2019


https://billypenn.com/2019/06/26/philly-courts-website-is-finally-back-after-not-russian-virus-attack/

Parts of the Philadelphia court system’s website were restored
Wednesday, more than a month after being infected by a virus. The
virus did not originate in Russia, officials said, after hinting at
that possibility to the Inquirer last week.

So it’s still not clear who is responsible for the malware attack that
hit the First Judicial District around May 21. The breach caused
officials to quarantine their email accounts and other online
services. A court spokesperson told Billy Penn on Wednesday that no
additional information on the attack’s source would be released until
everything is completely fixed.

For now, the courts.phila.gov website is mostly back up and running —
save for three key portals whose absence has caused numerous headaches
since the blackout five weeks ago.

The three unrestored services (and recommended workarounds) are:

- The e-filing system: This allows attorneys and other people involved
in the legal system to remotely file paperwork for cases. For now,
here’s how and where to continue filing in person.
- The e-jury reporting system. If you need to report to or request a
deferral for jury duty, continue to call 215-683-7170. Have your jury
summons handy to type in your juror number.
- Remote access to civil case dockets. For those who need to pull up
court records, the First Judicial District still has extra computer
terminals open in Rooms 205 and 310 of the Stout Center for Criminal
Justice.

Staff email accounts for the First Judicial District came back online
several weeks ago, as did various e-payment systems for fines. A court
spokesperson said the remaining online public information portals
should be restored “soon.” FJD court administrator Joseph H. Evers
told the Inquirer last Friday that they should be up by the end of
this week.

‘It’s not Russian’

Evers caused a stir last week when he said that the digital address
tied to the virus may have been traced to Russia. The following day,
other officials quickly backed off that claim.

Mark Wheeler, chief IT officer for the Kenney administration, said
last week the hunt for the hacker continues. FBI investigators had
tracked the virus to its IP address source, but “it’s not Russian,”
Wheeler told the Inquirer.

The courts awarded Montgomery County-based security firm SoluStaff a
$60,000 contract to toughen the court system’s digital defenses, Evers
wrote in a letter obtained by the Inquirer. The courts had previously
refused to identify the name of the vendor, citing cybersecurity
concerns.

Philly officials continue to maintain that it was not a ransomware
attack — like those that have crippled other U.S. cities and caused
millions in damages. Evers wrote to senior court officials that there
had been “absolutely no indication of a breach of court data,”
according to the Inquirer.

Pressed for additional details on the attack, courts spokesperson Gabe
Roberts told Billy Penn more information would be released once the
systems reached full health.

Said Roberts: “We’re going to wait until we’re 100 percent back until
we start discussing that.”

