Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

L.A. Courts Owe Public Full Accounting After July Ransomware Attack

On July 19, the Los Angeles Superior Court detected a security breach that forced it to temporarily close for two days, postponing trials and other essential courtroom work. The public deserves a thorough report on what happened.

The former federal courthouse on Spring Street in downtown Los Angeles
The former federal courthouse on Spring Street in downtown Los Angeles now houses part of the Los Angeles Superior Court, which was shut down for several days in July 2024 by a ransomware attack.
(Myung J. Chun/Los Angeles Times/TNS)
The Los Angeles Superior Court has an enormous data and online system that for years remained too vulnerable to hackers. The court began stepping up its monitoring, defenses and response operations less than two years ago, and it belatedly brought on a cybersecurity officer — a standard move for any large organization, public or private — this year.

Six weeks later, the court was hit by a ransomware attack that infected its computer system with damaging software, forcing it to temporarily close. The new security systems spotted the breach early on Friday, July 19, and court personnel who began their workdays early found ransom notes on their devices before 7 a.m. that day. The court remained unavailable to the public until the following Tuesday, and even then, it operated at severely diminished capacity for several more days.

The effect of the July hack was enormous. The L.A. Superior Court is the largest local trial court system in the nation and perhaps the world and, on any given day, conducts hearings and issues orders that directly affect the liberty, familial relationships and pocketbooks of thousands of people. The attack briefly postponed trials and other essential courtroom work, including issuing time-sensitive domestic violence restraining orders and ordering jail releases.

Public-facing operations are now back online, and a criminal investigation is underway. As soon as it concludes, the court owes the public a full accounting of the scope of the attack and any ransom paid to the hackers. Unlike private businesses that often suppress accounts of cyberattacks to avoid embarrassment and lawsuits, the court is a public entity and any amount it may have paid is public money. Any security breach was a failure of an institution accountable to the public.

Things could have gone much worse for the court and the 10 million Los Angeles County residents and numerous businesses and other entities that it serves. Other courts and agencies had their systems down much longer after similar attacks.

Apart from federal intelligence, security and military operations, public agencies and offices generally lag behind private corporations in tech matters.

And among public entities, local courts are often furthest behind, in part because of inadequate funding (the bulk of Superior Court funding is provided by the state budget), and in part because courtroom culture relies so heavily on independence, precedent and tradition. For decades, judges who began their legal careers before the internet or electronic data networks steered their courts away from automation and resented efforts to impose uniform rules for electronic case management.

That was especially true in the Los Angeles Superior Court. But things have slowly changed, and the court now manages one of the nation’s largest cyber operations. As the swift response to the July ransomware attack demonstrates, it has begun to catch up on cybersecurity as well.

There are good reasons for the public to be patient with the court and the FBI as they continue their investigation. This was not a simple stickup and may well have involved foreign actors looking for more than financial rewards.

First, it’s important to remember that crimes of this sort and this magnitude are usually well-planned to impose maximum disruption, and not only because bigger disruption is calculated to produce a bigger ransom payment.

Ransomware perpetrators are often described as pirates, invoking images of freelance criminal mariners who might attack any ship sailing under any flag if the vessel carries treasure that the brigands might plunder. Many are more like real-life privateers such as Sir Francis Drake, Sir Henry Morgan and others who sailed and robbed with the authority of their governments in order to harass their national adversaries.

In today’s world of online piracy, privateer hackers often operate with the tacit approval or even at the behest of foreign governments, particularly Russia (although Iran, China, North Korea and pre-invasion Ukraine are also implicated).

The cyberattack on the Los Angeles Superior Court was an attempt to extort money, but there’s a good chance that it was also a bid to undermine confidence in the justice system, and to explore and exploit vulnerabilities in data systems and in public attitudes. In other words, it may well have been one of numerous assaults on behalf of foreign adversaries. As in more open warfare, defense against such attacks ideally includes a measure of public understanding about court delays and other inconveniences.

The same is true of similar assaults on other public agencies, including 2022 attacks on the Los Angeles Unified School District and the Housing Authority of the City of Los Angeles.

But again, that patience must have limits. The court owes the public, at the earliest opportunity that does not compromise the investigation, a full report on what lasting damage was done, what lapses were responsible and what steps are being taken (and what further public investment is needed) to strengthen the court‘s defenses against future attacks.



Governing’s opinion columns reflect the views of their authors and not necessarily those of Governing’s editors or management. ©2024 Los Angeles Times. Distributed by Tribune Content Agency, LLC.