
Criminal Courts Hacked, Docs Leaked

With courts sending and receiving large volumes of email with attachments, they are a ripe target for a crafty phish.

If you're facing Louisiana's 4th Judicial District Court, you probably don't want your dirty laundry aired by some hackers.

Unfortunately, that's a reality. The hacker crew behind the Conti Ransomware strain that nabbed the court is the same group famous for distributing the Ryuk Ransomware strain. Ryuk became known for its attacks against the public sector, like when it took a Georgia city for nearly $400k or halted school in Montana.

Hacking group/ransomware strain Conti has claimed the attack on the Fourth District Court of Louisiana, and published apparent proof of the attack on its dark web page.

To prove their chops and to extract a ransom payment, the hacker crew posted some of the stolen files on a Dark Web forum. When it comes to threatening the release of stolen data, hackers know how to extort their victims well. They'll release snippets until the ransom payment is made, usually in Bitcoin.

This event follows a vicious hit on Texas Courts earlier this year. That attack paralyzed the court's case management system and forced them to release court rulings over Twitter. Yes, that same Twitter that got hacked recently too!

Conti Ransomware includes a range of techniques designed to frustrate incident responders and can execute 160 individual commands – 146 of which are focused on stopping potential Windows services.

That's all cyber nerd speak for: "This Conti Ransomware is really good."

And really good ransomware means it allows the operators (i.e. attackers) to extract a lot of data AND encrypt the network. This gives the hackers two big points in negotiating a ransom payment:
1. Pay us to decrypt (i.e. unlock) your network
2. Also, pay us to destroy your stolen files to prevent public disclosure

Ryuk Ransomware was advanced when it came out. It's now virtually non-existent, as the group is itself advancing its product, just like any business. Conti is their sleek new model, and it's working as they wish - making them a LOT of money.

The good news is that these hacks can be stopped!

The first step is training your team to avoid the initial Phishing email, the one that the court employee fell for.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) sales team here!

Original articles here and here.
[https://www.cbronline.com/news/conti-ransomware-court]
[https://www.thenewsstar.com/story/news/crime/2020/09/14/report-says-4th-district-court-documents-dark-web/5794369002/]

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.