We're not in e-Kansas anymore: State courts reel from 'unauthorized incursion'

Fax, post, and human messengers can still be used for filing vital evidence


An unspecified security incident is forcing many state courts across Kansas to rely on paper filings, and they may have to continue doing so for weeks, a state judge has warned.

The Kansas Supreme Court issued a brief notice that it was "experiencing network issues" on Thursday, October 12, and a short time later the same day said it was turning off its eFiling system until Sunday, October 15, "to give the judicial branch time to examine a security incident."

"Courts are open and operating, but clerks cannot receive electronic filings or electronic payments. All filings must be on paper or by fax. Paper filings can be hand delivered or sent by mail," the Kansas Judicial Branch told The Register.

"We continue to serve our communities, but we are using different methods until our systems are restored," said local Chief Justice Marla Luckert.

According to the statement, "The Office of Judicial Administration can’t predict when the systems will be brought back online."

Per the Kansas Supreme Court, user access to state eFiling systems, the Protection Order Portal, District Court public access portal, case inquiry system, online marriage applications, payment processing, and a new statewide centralized case management system still being deployed across Kansas are all affected.

As of yesterday, the city of Topeka said its Municipal Court, Probation, and Prosecution divisions would be closed to the public on Monday "out of an abundance of caution," and to allow the city to investigate "possible security concerns with one of the court's systems."

"At this time, it is unknown if the possible security concern is associated with the Kansas Supreme Court's network security incident," Topeka officials said.

Speaking to Wichita's KAKE, 18th Judicial District Court Judge Phil Journey said he expected the system to be down for at least two weeks due to an "unauthorized incursion" that is affecting all of Kansas's state-level courts, based on the Office of Judicial Administration's continuity planning discussions. 

Interestingly enough, one county in the state is able to carry on business as usual: Johnson County is unaffected by the Supreme Court's Friday order, and it also just so happens to be the only one that has yet to be scheduled to get Kansas's new centralized eCourt system.

It's not clear if the eCourt system, Odyssey Case Manager from Tyler Technologies, is where the incident originated. We were unable to reach officials from the Kansas Supreme Court, City of Topeka, or Tyler Technologies for comment.

Is it ransomware?

When a cybersecurity incident response stretches into weeks, it's safe to assume systems or their data are damaged or inaccessible, and when that's the case, ransomware could be involved.

Without a response from someone in Kansas or at Tyler, The Register is unable to confirm the exact nature of the incident, but it would hardly be the first time a US government system – state or federal – was knocked offline for a prolonged period due to ransomware.

Somerset County, New Jersey, was hit by a ransomware incident so severe last year that it was left without access to any of its records after 1977, and a Royal ransomware attack on the city of Dallas, Texas in May left the city picking up the pieces for weeks afterwards.

Sensitive data belonging to the US Marshals was also stolen in a ransomware incident early this year, and the federal government's response to the trend suggests it's hopelessly behind on protecting government systems, and by extension the data of US citizens. 

It's unclear if the personal data of Kansas citizens was compromised in this latest incident, and if so how much may have been stolen. Given that the systems affected belong to the state courts, anything exfiltrated in the attack could be highly sensitive and valuable to the right buyer. ®
