The Los Angeles County Superior Court – the largest superior court system in the U.S. – has been shut down following a ransomware attack.
Despite system and network troubles, the L.A. County Courts said recent cybersecurity upgrades enabled IT staff to respond quickly to the attack and minimize damage.
All 36 courts in the L.A. County court system were closed on Monday, July 22 after IT teams were unable to fully restore systems over the weekend. However, the court said it expects to reopen on Tuesday, July 23.
Update: All 36 courthouses reopened on July 23, but electronic filing remains limited and remote appearances are unavailable in civil, probate, family law and traffic cases, according to the court’s latest update. Website functionality remains limited; for example, the jury portal appears to be unavailable.
L.A. County Courts Shut Down ‘Nearly All Network Systems’
The attack occurred on Friday, July 19 and was unrelated to the massive global CrowdStrike outage that many IT teams are still recovering from.
“The Court experienced an unprecedented cyber-attack on Friday which has resulted in the need to shut down nearly all network systems in order to contain the damage, protect the integrity and confidentiality of information and ensure future network stability and security,” Presiding Judge Samantha P. Jessner said in a statement. “While the Court continues to move swiftly towards a restoration and recovery phase, many critical systems remain offline as of Sunday evening. One additional day will enable the Court’s team of experts to focus exclusively on bringing our systems back online so that the Court can resume operations as expeditiously, smoothly and safely as possible.”
The statement said court staff “have been working vigorously over the past 72 hours in partnership with outside consultants, vendors, other courts and law enforcement to get the Court’s network systems back online.”
Affected systems span the court’s entire operations, from external systems such as the MyJuryDuty Portal and the court’s website to internal case management systems.
Even as the court reported “significant progress,” it noted that “there remain some challenges that are delaying progress.”
No threat actor group has yet publicly claimed responsibility for the attack. While the court website is back up, many requests are resulting in errors and many functions remain unavailable.
Upgraded Cybersecurity Controls May Have Helped L.A. County Courts
The attack began in the early morning hours of Friday, July 19, an earlier court statement said.
“Immediately upon discovery of the attack, the Court disabled its network systems to mitigate further harm,” the statement said.
The court is receiving support from the California Governor’s Office of Emergency Services (CALOES) and local, state and federal law enforcement. The statement said that a preliminary investigation “shows no evidence of court user’s data being compromised.”
The Court said it has “invested heavily in its cybersecurity operations, modernizing its cybersecurity infrastructure and making strategic staff investments in the Cybersecurity Division within CTS. As a result of this investment, the Court was able to quickly detect an intrusion and address it immediately.”
The L.A. County court system serves the county’s 10 million residents. More than 1 million cases a years are filed in the county system, and more than 2,000 jury trials a year are held in its courtrooms.
Courts in the U.S. and elsewhere have suffered their share of ransomware attacks. In a little over a year, Kansas, Illinois, Ohio and Florida courts have been the victims of cyberattacks, while Switzerland and Australia have been among the victims in other countries.
Note: Article published July 22, 2024, and updated on July 23 to reflect the limited reopening.
