Cyber Incident Victim: Committee for Public Counsel Services

In late February 2019, the Committee for Public Counsel Services, responsible for overseeing public defenders in Boston, experienced a ransomware attack that disrupted its operations. The attackers demanded payment in Bitcoin to restore access to the organization's compromised systems. The Committee opted against paying the ransom, choosing instead to restore operations using backup systems. This decision necessitated taking critical digital infrastructure offline for an extended period to cleanse infected systems of malicious software. The attack rendered essential services inoperable, including email communications and digital platforms supporting legal workflows. As a security precaution, the organization maintained systems offline throughout the restoration process to prevent further spread of the ransomware infection.

The incident caused a weekslong operational slowdown across Boston's legal system, with impacts extending beyond the Committee's direct operations. Private attorneys contracted to represent indigent clients experienced payment delays due to disrupted financial systems, as the attack interrupted the processing of government compensation for these services. Court-appointed lawyers relying on these payments faced financial uncertainty while the restoration continued. The systemic disruption lasted approximately two weeks, during which legal service delivery remained impaired. Restoration efforts focused on rebuilding systems from backups while maintaining offline security measures to ensure complete malware eradication before returning to normal operations.