Date: Feb 2024

Location: United States of America

Summary

A ransomware attack encrypted data and disrupted operations at the Office of the Colorado State Public Defender, forcing a network shutdown that prevented access to critical systems, client files, and court documents. Public defenders statewide sought case postponements due to an inability to perform legal work, with impacts potentially lasting a week. While the wider court system remained unaffected, cybersecurity experts identified the incident as consistent with ransomware tactics targeting government entities, highlighting risks of stolen sensitive client data being exploited for secondary extortion. The agency implemented preventive measures to restore systems securely amid broader concerns about vulnerabilities in public-sector infrastructure.


Description

A cyberattack involving malware encryption disrupted operations at the Office of the Colorado State Public Defender, with the breach confirmed by spokesperson James Karbach on February 12, 2024. The agency proactively shut down its statewide computer network after discovering the incident, which internal emails indicated was underway by approximately 11 a.m. on February 9. This defensive action rendered public defenders unable to access work computers, court dockets, electronic filings, or client case materials, severely limiting their ability to perform legal work. The Colorado Judicial Department confirmed its separate court systems remained fully operational and unaffected by the breach. Public defenders immediately began requesting hearing postponements across multiple jurisdictions, with Adams County District Court hearings delayed by attorneys citing inability to access case files or use agency computers. Judicial personnel estimated the outage could persist for at least one week based on preliminary assessments.

The incident's characteristics led cybersecurity experts to identify it as a likely ransomware attack, though officials did not confirm whether data exfiltration occurred or if ransom demands were made. Malware encryption typically prevents legitimate users from accessing systems until payment is made or backups restore operations. Historical Colorado ransomware incidents provided context, with entities like the city of Lafayette ($45,000 paid in 2020) and CDOT ($1.5 million in recovery costs, without paying, in 2018) illustrating variable response outcomes. Cybersecurity analysts noted government agencies face increasing targeting due to their critical services and sensitive data holdings, with particular concern about potential exposure of confidential client information from public defender case files. The Public Defender's Office maintained limited operations while working to securely restore systems, prioritizing containment through network isolation rather than publicly discussing remediation timelines or data recovery methods. Court delays accumulated as attorneys relied on manual workarounds during the outage.
