Report: Ransomware group claims to have hacked district court


While a report and tweets posted this month claim that a hacker group had breached Illinois court information, the claims have not been confirmed by court officials.

A report from The Cyber Express said that a ransomware group called “Everest” claimed to have gained access to “the network of the US District Court in Illinois, and is now offering to sell that access to interested buyers.”

“Ransomware is a type of malicious software cyber actors use to deny access to systems or data,” according to the U.S. Department of Justice. “The malicious cyber actor holds systems or data hostage until the ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted.”

“In recent months, ransomware has dominated the headlines, but incidents among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations have been growing for years,” according to the Cybersecurity & Infrastructure Security Agency.

Earlier this month, Audacy reported that Americans are more concerned about cyber-attacks than nuclear war. Just this week, officials from multiple government agencies met to discuss cybersecurity in St. Louis, Mo.

In a November 2021 monthly threat report cited by ZDNet, security company NCC Group described a group called Everest as a “Russian-speaking” threat actor. NCC Group said that “the group offered paid access to the IT infrastructure of their victims, as well as threatening to release stolen data if the victim refused to pay a ransom,” including data related to “the Argentine Government, Peru’s Ministry of Economy and Finance, and the Brazilian Police.”

Last October, Cybernews reported that “the Everest ransomware gang, believed to be connected to the Black-Byte ransomware operations, said it had hacked AT&T,” and that “on its leak page, Everest claims to be selling access to the corporate network in the U.S.”

“BlackByte is a ransomware-as-a-service (RaaS) operation that leases out its ransomware infrastructure to others in return for a percentage of the ransom proceeds,” per TechCrunch. “The gang emerged in July 2021 when it began exploiting software vulnerabilities to target corporate victims worldwide.”

“According to the group, they have an employee within the court system who has granted them unrestricted access to confidential documents and other sensitive data,” said The Cyber Express of the “Everest” group that allegedly targeted Illinois courts. It referred to a statement Everest made “on a dark web forum” regarding the alleged hack and “screenshots purporting to show their access to the court’s systems and examples of the data types that could be obtained through their network access.”

In addition to claiming it could provide access to the court network, the group also said they had access to a lawyer with confidential documents, per the report. However, this report also appears to refer to the hack victim as the “Illinois State Court Network.”

“We are looking into this,” said Christopher Bonjean – chief communications officer for Illinois State Courts – regarding the claims made in the article and on Twitter, in a statement provided to Audacy. “Some of those are related to federal courts and not state courts. We are a state court and separate from the U.S. District Court.”

Additionally, Public Information Officer Julie Hodek of the U.S. District Court, Northern District of Illinois told Audacy that “the computer network for the District Court for the Northern District of Illinois is not impacted by an outage,” when asked about the claims.
