Florida county elections hit with ransomware before 2016 elections

Florida has had its share of election incidents – in 2000, the results of the presidential election hung by a chad. But in 2016, weeks before the heated presidential tussle, it seems miscreants launched a ransomware attack on the West Palm Beach County Supervisor of Elections Office.

Elections Supervisor Wendy Sartory Link told The Palm Beach Post she found out about the attack, which occurred under the watch of her predecessor Susan Bucher, only after the IT Director James Darter was fired last November after being arrested for possessing child porn.

The acting IT director, Ed Sacerio, told Link about the attempt. “He said, ‘One thing I don’t know is about ... what happened with the hack we had back (in 2016), to know if that’s still a problem,’” Link cited Sacerio as saying. “I’m already reeling from the fact that we just lost our IT director, and now you’re telling me that there was a hack that no one bothered to share?”

She soon found out that the attack, which she doesn’t believe to be one of two Florida election hacks mentioned in the Mueller report, hadn’t been reported to authorities.

“Called the state, they didn’t know about it. FBI didn’t know about it. Homeland didn’t know about it,” Link told the Post.

“This attack coincides with the attack on San Francisco's Muni rail system in November of 2016 and the ransomware attack that left 70 percent of Washington DC's police security cameras inoperable in January of 2017, just weeks before the presidential inauguration,” said Erich Kron, security awareness advocate at KnowBe4. “While the Muni attack was well known due to the fact that light rail ticketing systems displayed the ransom demands and Muni had to open the gates and allow free rides for several days, the Washington, D.C. event was also handled fairly quietly.”

Noting that in 2016 ransomware infections didn’t spread across networks as quickly as they do today, Kron said that in the Florida elections board incident it’s “possible that the infection was isolated to a single machine or a couple of machines, which may explain why the incident was not reported to the FBI or DHS.”

Even though it’s likely the ransomware was delivered through a phishing attack, Kron said it was prudent to understand how the event happened and to make sure the vulnerability that allowed it had been addressed. “It is surprising that the second-in-command at the time is unsure if the vulnerability still exists or how the infection started,” he said. With the 2020 elections fast approaching and threats intensifying with potentially monumental ramifications, organizations must take measures to ensure election security and integrity by teaching users how to detect phishing emails, conducting simulated phishing tests and securing remote access portals for employees or IT staff and vendors, Kron said.
