LA Superior Courts Closed Monday Following Ransomware Attack

LOS ANGELES (CNS) - The Los Angeles County Superior Court system was closed Monday as its tech services division continued to repair and reboot network computer systems that were "severely impacted" by a ransomware attack.

"The court experienced an unprecedented cyber-attack on Friday which has resulted in the need to shut down nearly all network systems in order to contain the damage, protect the integrity and confidentiality of information and ensure future network stability and security," Presiding Judge Samantha P. Jessner said in a statement late Sunday night.

"While the court continues to move swiftly towards a restoration and recovery phase, many critical systems remain offline as of Sunday evening. One additional day will enable the court's team of experts to focus exclusively on bringing our systems back online so that the court can resume operations as expeditiously, smoothly and safely as possible."

Officials said they do not anticipate the court system being closed beyond Monday.

"Court staff have been working vigorously over the past 72 hours in partnership with outside consultants, vendors, other courts and law enforcement to get the court's network systems back online," the Sunday statement said. "While the team of experts has made significant progress, there remain some challenges that are delaying progress."

Affected systems "span the court's entire operation, from external systems such as the MyJuryDuty Portal and the court's website to internal systems such as the court's case management systems," the court said.

Monday's closure affected all 36 courthouse locations in the county.

The county Public Defender's Office issued a statement Monday saying it was communicating with court officials, and given the delay in hearings for many defendants in criminal cases, it is "focused on minimizing disruptions and safeguarding the rights of our clients."

"The right to a speedy trial is a cornerstone of justice, and this remains our priority," according to the Defender's Office. "We are actively monitoring the impact of the attack on court schedules and will take all necessary legal steps to protect our clients' constitutional and statutory rights."

The hack -- described as "a serious security event' -- was first noticed early Friday and determined to be a ransomware attack, the court said in an announcement on Friday night.

Soon after the hack was detected, the court's Technology Services Division immediately shut down network computer systems "to mitigate further harm."

However, the courts did remain open for business on Friday.

The ransomware attack was believed to be unrelated to the CrowdStrike issue that created havoc on computer systems worldwide on Friday, the court said on Friday.

Court officials said the California Governor's Office of Emergency Services, as well as local, state and federal law-enforcement agencies, were all participating in the investigation into the breach.

"At this time, the preliminary investigation shows no evidence of court users' data being compromised," the court said Friday.

The statement credited the court's heavy investment in cybersecurity and increased staffing in the cybersecurity division in helping officials to quickly detect the intrusion and address it immediately.

The court hack was the second in recent years against a major Los Angeles public agency.

Over Labor Day weekend in September 2022, the Los Angeles Unified School District was the victim of a ransomware attack that was later reported to have been perpetrated by a Russia-based hacking syndicate called the Vice Society.

Some data was stolen during that attack and posted on the dark web, but Superintendent Alberto Carvalho said at the time there was no evidence the hackers had accessed sensitive student or staff personal data.

The posting of the data -- mostly involving some of the LAUSD's outside contractors, the district said at the time  -- came ahead of an announced deadline the hacking group gave the district to pay an unspecified ransom it had demanded.

The early release of the data appeared to follow repeated assertions by Carvalho and the district that it had no intention of paying any type of ransom.