A US court has ransomware attacked while hackers behind it leaked documents claiming to have been stolen. In particular, the hackers reported that they successfully carried out their attack, which targeted the fourth district court of Louisiana.
Hackers infected a US court with a strain of ransomware known as Accounts, which was first identified in December 2019 and has been observed more and more intensely in recent months, targeting Companies as well as public sector actors. It is spread through networks, using a series of techniques to obtain domain admin credentials. Once it has acquired the necessary permissions, it develops ransomware for encryption devices on the target network. In addition, researchers observed that malware uses the same ransom note developed by the crypto-malware family Ryuk, while similarities have been identified between the two ransomware strains code.
The hacker team, in order to prove that it is behind the attack, published this week in Dark web the documents allegedly stolen. These include second-degree kidnapping verdicts, an armed robbery and a case of aggravated rape. Other documents appear to be related to a court hearing.
The official site of the fourth Louisiana District Court, 4jdc.com, is offline. The court covers the community of Ouachita and the parish of Morehouse and is one of the 42 judicial districts of the state. He handles civil and criminal cases, as well as juvenile cases, which are usually heard in Monroe and Bastrop. However, the amount of ransom demanded by the hackers from their victim is still unknown.
It is worth noting that ransomware attacks are not an unprecedented phenomenon for Pelican State. In particular, in December last year, such an attack took place against the Community College Baton Rouge. The security incident took place just two days before an opening ceremony scheduled at the college. In addition, a month earlier, a major ransomware attack on Louisiana State IT infrastructure disrupted many services, including government sites. e-mail and internal applications. Also in July 2019, the governor of Louisiana declared a state of emergency, following ransomware attacks that affected IT systems in three school districts.
According to Hank Schless, senior manager at Lookout, this series of ransomware attacks indicates that every organization has valuable data that can be hacked by hackers and then used as a "weapon" to threaten victims that if they do not pay the required ransom, it is very likely businesses suffer irreparable damage and "paralyze". Schless also estimates that an advanced hacking team like the one developed by Conti ransomware probably used social engineering techniques to persuade a target employee to download a document or file to their device, and that's how the attack began.