Cyber Incident Victim: Fourth District Court of Louisiana

Date: Sep 2020

Location: United States of America

Summary

The Fourth District Court of Louisiana experienced a ransomware attack attributed to the Conti group, which used the Trickbot malware network for payload delivery and is associated with Ryuk ransomware. The incident took the court's website offline, and the attackers published stolen data on the Dark Web as proof of the attack. Conti employs advanced obfuscation and evasion techniques to avoid detection, with numerous commands dedicated to this purpose. This attack highlights the increasing targeting of public-sector entities by malicious cyber actors.

Description

On or around September 14, 2020, the Fourth District Court of Louisiana experienced a ransomware attack attributed to the Conti malware group, which also operates the Ryuk ransomware. The attackers deployed ransomware through the Trickbot malware distribution network, leveraging its established infrastructure to deliver the payload. Conti employed multiple obfuscation and evasion techniques designed to bypass security measures, incorporating hundreds of commands dedicated to avoiding detection. As proof of the attack’s success, the group published stolen court data on the Dark Web. The incident forced the court’s website offline, disrupting public access to its digital services. The attack was publicly reported by Computer Business Review and later covered by Dark Reading, though initial reports inaccurately suggested the Louisiana Supreme Court’s systems were also compromised. The Louisiana Supreme Court subsequently clarified that neither its website nor internal networks were affected by this incident.

This event marked the 207th ransomware incident targeting a public-sector organization in 2020, according to Brett Callow, a threat analyst at cybersecurity firm Emsisoft. The attack highlighted the growing trend of malicious actors focusing on government entities, though specific details about the court’s operational disruptions, data recovery efforts, or ransom demands were not disclosed in available reports. Dark Reading noted it had not confirmed whether the Louisiana Supreme Court’s website experienced unrelated downtime around the same timeframe. Conti’s use of Trickbot aligned with its established tactics, which mirror the Ryuk ransomware’s reliance on sophisticated evasion methods to maximize infection rates. No further technical specifics about the court’s response or containment actions were documented in the source material.