Chief Judge John Miller details the First Circuit’s massive cyberattack
'The reason I chose to speak on this today is to stress the importance of getting practitioners, law firms, organizations, to realize the importance of cybersecurity. Because it can and will happen to anyone.'
First Circuit Chief Judge John Miller was in his bathroom shaving when his cell phone rang on September 29.
Given the hour, 6:30 a.m., Miller knew it wasn’t good news.
“It was my court administrator on the line, and he was saying we have been the victim of a cyberattack, and they have everything,” Miller said.
At a December 1 meeting in Destin, Miller told the Board of Governors that with the state’s help, the circuit recovered from a massive cyberattack without suffering a major disruption to court operations.
“And fortunately, through the team that we have, we have been able to recover a great majority, if not everything of what we lost,” he said.
Recovery wouldn’t have been possible without the help of the Supreme Court, the Office of State Courts Administrator, local clerks, and local court personnel, Chief Judge Miller said.
At first, a successful recovery appeared less than certain. The court administrator’s report — that the attackers got everything — was no exaggeration, Miller said.
“They got our phone system, our computer system, all of our files, some of our employees’ personal data was compromised, both past and present employees,” he said.
The news got worse.
“I found out the next day, not only did they get our system, they also got our backup system, because our backup system was connected to our main system.”
First Judicial Circuit representatives met daily and weekly with their counterparts at the Office of State Courts Administrator (OSCA) to repair the damage and keep the courts functioning, Miller said.
When the attack denied access to the network-based court reporting system, “Court Smart,” court personnel got creative, Miller said.
“We went back to paper, we found some hand-held court reporting machines that we could use,” he said. “We got live court reporters like we had in the old days for a lot of trials. It was like doing this 10, 15 years ago.”
The First Judicial Circuit posted a notice that “an information technology security event” had prompted an investigation. The notice warned the event will “significantly affect court operations across the Circuit…for an extended period of time.” Essential court operations were given priority, and other proceedings may be paused for several days, beginning October 2, the notice advised.
IT trade journals reported that the international ransomware crime network “ALPHV BlackCat” claimed responsibility for the First Judicial Circuit attack.
The group was linked last year to attacks on global institutions and some in the U.S., including North Carolina A&T and Florida International University.
Experts have warned for years that lawyers are prime targets for cyberattacks. This summer, President Scott Westheimer formed the Committee on Cybersecurity & Privacy Law. The panel of experts is serving as a resource for Florida Bar members.
Florida lawyers need to take cybersecurity seriously, Miller said. That includes making sure that their IT backup systems are shielded from the internet and located offsite, and training their office personnel to identify suspicious emails. An IT expert who is paid a few thousand dollars a year to review a firm’s cybersecurity is no match for international ransomware gangs, Miller warned.
Unlike the First Judicial Circuit, a law firm won’t have the Supreme Court and the Office of State Courts Administrator to assist with recovery from a major attack, Miller said.
“The reason I chose to speak on this today is to stress the importance of getting practitioners, law firms, organizations, to realize the importance of cybersecurity. Because it can and will happen to anyone.”