Cyber Incident Victim: Superior Court of Los Angeles County
Date:
Jul 2024
Location:
United States of America
Summary
The Superior Court of Los Angeles County experienced a ransomware attack that disrupted its internal systems, prompting an immediate shutdown of all network operations to contain the threat. The intrusion was detected by the court's Technology Services Division, which leveraged recent cybersecurity infrastructure investments to rapidly identify and respond to the incident. While preliminary investigations found no evidence of compromised user data, the attack caused significant operational disruptions with systems remaining offline for an extended period. Multiple agencies, including state and federal law enforcement, are assisting in the ongoing investigation. The court emphasized its proactive cybersecurity modernization efforts as critical to mitigating the attack's impact.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Superior Court of Los Angeles County experienced a ransomware attack in the early morning hours of July 19, 2024, detected by its Court Technology Services Division. The court publicly announced the incident on the evening of July 19, characterizing it as a "serious security event" later confirmed as ransomware. Upon discovery, court officials immediately disabled all network systems to contain the attack and prevent further damage, maintaining this shutdown through at least the weekend to facilitate remediation efforts. According to FBI definitions referenced in the announcement, ransomware attacks typically block access to computer systems and data while demanding payment for restoration. The court's statement acknowledged such incidents could cause significant operational disruptions and potential loss of critical information, though no specific ransom demands or data loss claims were disclosed.
Response efforts involved coordinated investigations with the California Governor’s Office of Emergency Services alongside local, state, and federal law enforcement agencies. Preliminary findings indicated no evidence of compromise to court users' data as of the announcement. The court attributed its rapid detection capabilities to recent cybersecurity investments, including infrastructure modernization and strategic staffing enhancements within its Cybersecurity Division under Court Technology Services. These measures reportedly enabled prompt intrusion identification and containment. Court representatives remained unavailable for additional commentary the following day, leaving unresolved questions about operational impacts, recovery timelines, and whether court functions requiring network access were suspended during the outage.