Pennsylvania courts say no ransom was paid in cyberattack, and attackers never sent a demand

Pennsylvania’s state courts agency said Thursday that it never received a ransom demand as part of a cyberattack that briefly shut down some of its online services earlier this month and prompted a federal investigation.

The attack, called a “denial of services” attack, on the website of the Administrative Office of Pennsylvania Courts disabled some online portals and systems that were all fully restored this week, officials said.

The attack didn’t compromise any data or stop the courts from operating on a normal schedule, officials said.

A courts agency spokesperson said officials there never received a ransom demand from the attackers, never had any communication with the attackers and never paid anything to meet any sort of demand.

The state Supreme Court’s chief justice, Debra Todd, said a federal investigation was continuing.

Neither the courts nor the FBI or the federal government’s lead cybersecurity agency, the U.S. Cybersecurity and Infrastructure Security Agency, have identified the attacker. There have been no apparent claims of responsibility.

In a statement, Todd said the “significant and serious” attack was “orchestrated by a faceless and nameless virtual opponent who was intent on attacking our infrastructure and orchestrating a shutdown of our state judicial system.”

“These anonymous actors attempted to undermine our mission to make justice accessible and to shutter the operation of the statewide court system,” Todd said.