Philly courts blame Russian hackers for virus attack that has crippled system for weeks
The virus that took down the Philadelphia court system for an entire month is tied to Russian hackers.
The virus that has put key parts of the Philadelphia court system out of action for a month appears to have originated in Russia, and hit as other counties in the state also battled malware attacks, the city system’s top administrator said Friday.
Joseph H. Evers, court administrator for the First Judicial District, said the virus has been “isolated and eradicated.” The court’s portals for public information and electronic filing should be up and running next week, he said.
Evers said security experts concluded that a digital address tied to the virus suggested the attack had been launched from Russia. While unable to provide details, Evers said the hackers’ IP address — the unique identifier for a computer or server — was on a federal roster of suspicious addresses.
No ransom demand was made, and Evers was at a loss to explain the motivation behind the attack beyond that local governmental systems appear to be more vulnerable than federal ones. “It didn’t have the earmarks or style of ransomware,” he said Friday.
The attack forced the system to shut its employees’ email system and its portals on May 21.
Evers said the Philadelphia attack was among a handful to hit county court systems in the state in recent weeks, though he did not know if the intrusions were related.
On May 25, officials in Luzerne County said a virus attack was detected there, posing a risk to some court data as well as computers used by the county government. Officials said they fixed the issue in a week.
In February, experts in Chester County quickly removed malware found in the computer system there. There was no negative impact, a county spokesperson said. The county’s computer experts called it “Emotet/Trickbot” malware, which enters a system through spam and is designed to steal information.
In Philadelphia, Evers sent a letter Friday to top judges that identified SoluStaff, headquartered in Montgomery County, as the security company hired to combat the attack. Evers said it had been paid a relatively modest $17,304 so far.
In his message to judges, obtained by The Inquirer, Evers said SoluStaff has been awarded an additional $60,000 contract for more work to help the First Judicial District to toughen its digital walls and modernize its systems.
In the message, Evers assured the court system’s governing board that there had been “absolutely no indication of a breach of court data.” He praised the system’s workforce for engaging in a series of work-arounds, laboring “the old-fashioned way,” to keep the courts operative.
An executive with SoluStaff declined comment Friday. Its website says SoluStaff is headquartered in Erdenheim and has offices in Center City, New York City, and Leesburg, Va. It provides a variety of consulting services, with a focus on health-care data systems.
While Evers’ team was able to restore regular email service a few weeks ago, the shutdown continued to impede the processing of civil cases. Online criminal dockets, which are on a statewide portal system, were not affected.
The safety shutdown meant the public and researchers could not access the computer system to check the status of lawsuits or research liens and other civil matters. Plus, law firms that handle civil cases have had to file legal pleadings in person, sending runners to City Hall to file motions and other documents.
Aside from the cost to hire the security firm, Evers said, the intrusion was a wake-up call about the need for the court to spend heavily to upgrade its computers. “We have to rebuild our whole infrastructure. We have aging servers,” he said. “We’re going to need help. We just don’t have the kind of funding to allow us to do that.”
He added: “Unless we’re prepared, we are unprepared.”
Evers said he had to balance the public’s need for information about the attack — some judges have been pushing for more transparency — with the necessity for secrecy. Even revealing the name of a security firm, he said, could provide intruders with clues as to the defensive measures particular firms deploy.
“No matter how prepared you think you are,” he said, “there are guys who spend their whole life trying to get into this kind of environment.”
In recent years, hackers have hit numerous government agencies across the nation. Baltimore refused to pay hackers $76,000 after an attack last month, while a suburb in Florida agreed to pay $600,000 in response to a ransom demand.
Staff writer Mark Fazlollah contributed to this article.