The Kansas government attributes the 5-week interruption of the court system to a complex cyberattack from a foreign source.

MISSION, Kan. (AP) — Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that has hobbled access to records for more than five weeks, officials said Tuesday.

The recent declaration of a “highly advanced cyberattack from a foreign entity” served as validation for computer security specialists who had previously speculated about the suspension of electronic filing by the state’s Judicial Branch on October 12. Prior to this, government officials had been vague in their statements, only referring to it as a “security issue.”

After being informed of the attack, the state’s Judicial Branch released a statement stating that they disconnected their court information system from outside access and alerted authorities. This caused a disruption in the everyday functioning of the state’s appellate courts, with the exception of Johnson County, which has its own computer systems and had not yet transitioned to the state’s new online system.

Over the past few weeks, numerous lawyers have had to submit motions manually, using traditional paper methods.

The statement expressed that the attack on the Kansas justice system is wicked and unlawful. It also conveyed sadness for the suffering that Kansans will endure due to the actions of the cybercriminals.

An initial examination suggests that the stolen data comprises of records from district court cases under appeal and other sensitive information. The statement stated that those impacted will receive notification once a thorough review is concluded.

According to cybersecurity expert Allan Liska from Recorded Future, at this time, no ransomware group has made any information publicly available on leak sites.

Lisa Taylor, the spokesperson for the Judicial Branch, refused to provide any information regarding whether the state paid a ransom or the identity of the group responsible for the attack. She stated that the original statement speaks for itself.

According to cybersecurity expert Brett Callow from Emsisoft, if companies refuse to pay a ransom, their data typically becomes accessible on the internet after a few weeks. Those who do pay are promised that their stolen data will be deleted, but some are forced to pay again.

Since the attack in Kansas, access to court documents has only been partially restored. There is now a public access center with 10 computer terminals available at the Topeka-based Kansas Judicial Center.

The Judicial Branch announced that it will require a few weeks to resume regular operations, including electronic filing. This endeavor involves strengthening our systems to protect against future attacks.

A report on the state’s judicial system’s potential risks, published last year, is deemed permanently confidential according to state legislation. However, two recent evaluations of other state organizations uncovered vulnerabilities. The latest one, published in July, stated that agency leaders are not fully aware of their IT security responsibilities or giving them enough importance.