Pa. courts' website hit by disabling cyberattack, officials say

A weekend cyberattack on the website of Pennsylvania's state courts agency disabled some online systems but did not appear to compromise any data and didn't stop the courts from opening Monday, officials said.

Various county court clerks said their offices Monday were operating smoothly, despite the disruptions to some online portals and services.

The federal government's lead cybersecurity agency, the U.S. Department of Homeland Security and the FBI were investigating the attack, Chief Justice Debra Todd said in a statement.

Léelo en español aquí.

She called it a “denial of service” cyberattack, using the federal government’s description for when attackers “flood the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users.”

“Our court information technology and executive team continues to work closely with law enforcement including the CISA, the U.S. Department of Homeland Security and the F.B.I to investigate the incident,” Todd said in an updated statement on Monday afternoon.

“There is still no indication that any court data has been compromised, and our courts remain open and accessible to the public," she said.

As of about 1 p.m. Monday, she said the following services had been impacted by the cyberattack:

• PACFile – the Pennsylvania Appellate Court (PAC) electronic filing system that is used by attorneys and pro se litigants to electronically file documents with the appellate courts and some courts of common pleas (criminal and/or juvenile divisions). While PACFile is not available, filing offices remain open to accept filings in person or by mail.
• GTS – the Guardianship Tracking System (GTS) is a web-based application used by court-appointed guardians, orphans’ court clerks, court staff and judges to file, manage, track and submit reports related to the guardianships of incapacitated persons. While the GTS system is not available, filing offices remain open to accept filings in person or by mail.
• Web Dockets/court summaries – These documents are available online for free to anyone with internet access to view information about a case filed in the appellate courts, the criminal division of the courts of common pleas, as well as the magisterial district courts. While these documents are currently unavailable online, filing offices remain open to accept filings in person or by mail.
• PAePay – facilitates the online payments for: cases with outstanding fines, costs, and restitution in criminal and summary matters, bail, fees associated with the annual attorney registration and bar application, probation, and parole fees, and Guardianship Tracking System (GTS) fees. While the PAePay system is not available, payments can still be made by mail, in-person or by contacting the court office to inquire about alternative payment methods.
• Some pages on UJS Website – those interested in court documents and information should contact the Pennsylvania Courts spokesperson Stacey Witalec at (717) 877-2997.
• The Pennsylvania Justice Network or JNET -- though, officials said warrant information remains available to law enforcement through NCIC and CLEAN.
• Police Forms (complaint and search warrants) and Citations – Law enforcement forms such as criminal complaint and search warrant applications, remain available at the appropriate court filing office.

The courts agency, the Administrative Office of Pennsylvania Courts, didn't say whether its cybersecurity measures worked as designed or whether the attackers demanded money or a ransom.

Court officials maintained that they had no evidence that hackers had stolen data, and appeared to have restored some disabled services Monday evening, including access to electronic dockets and an electronic document filing portal.

The attack comes a few months after Kansas' judicial branch was the victim of what it called a " sophisticated cyberattack," from which it took months and millions of dollars to recover. That attack was blamed on a Russia-based group.

Major tech companies Google Cloud, Microsoft and Amazon Web Services have been hit by such attacks in recent years, as have financial institutions. In 2022, some U.S. airport sites were hit. Some of the biggest attacks have been attributed to Russian or Chinese hackers.

Neither the courts agency nor the federal cybersecurity agency, called the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, immediately identified the attackers or a motive.

The agencies also did not say whether the courts' cybersecurity measures had worked as designed or whether the attackers demanded money or a ransom.

In a statement, CISA's executive assistant director, Eric Goldstein, said the agency is in touch with Pennsylvania court officials and will provide assistance.

Jack Danahy, a vice president of cybersecurity firm NuHarbor Security in Vermont, said denial-of-service hackers are typically seeking money, although such attacks are harder to profit from because networking experts have ways of defusing them by diverting the flood of internet traffic.

Such attacks are often traced back to state-backed actors, but they are also relatively easy for smaller hackers to mount, Danahy said.

The attackers can find ways of hiding their identity and can use a denial-of-service attack to mask an underlying attack, such as a ransomware attack, Danahy said.

Alexander Leslie, an analyst with the cybersecurity firm Recorded Future, said some denial-of-service tools are open-source, featuring software whose code is publicly accessible, while others are available to criminals for premium fees.

Some denial-of-service attacks are distributed, meaning they can use thousands or millions of devices to barrage a website. That can make it difficult to pinpoint a culprit or motive, absent a public claim of responsibility, Leslie said.

In Kansas, the state’s court system started bringing its computerized case management system back online two months after the October cyberattack that forced it to shut it down, along with public access to documents and other systems.

Last month, Kansas' top judicial official told lawmakers that the state's court system needed at least $2.6 million in additional money to cover the costs of bringing multiple computer systems back online, pay vendors, improve cybersecurity and hire three additional cybersecurity officials.

The hackers stole data and threatened to post it on a dark website if its demands were not met, officials said. Judicial branch officials have not spelled out the attackers’ demands, but said that no ransom was paid.

The state’s courts remained open Monday, Todd said. And, Todd said, new information would be provided as it becomes available.