Ransomware, Critical Infrastructure Security

Rhysida ransomware hits Sumter County Sheriff, threatens data leak

Share

The Sumter County Sheriff’s Office is the latest victim claimed by the Rhysida ransomware group, which has threatened to leak data including scans of IDs and fingerprints.  

The Florida county law enforcement agency disclosed that it had experienced a ransomware attack in a Facebook post Tuesday, saying it would work with the Florida Department of Law Enforcement, Florida Digital Services and other IT professionals to conduct an investigation.

The sheriff’s office also said law enforcement response would not be impacted by the attack, but that access to some records would be limited during the investigation. It did not attribute the attack or say whether any data was exposed in the incident.

The Rhysida ransomware gang posted the Sumter County Sheriff’s Office on its leak site Friday morning, with a screenshot posted by Emsisoft Threat Hunter Luke Connolly showing a seven-day countdown for cybercriminals to bid on stolen data. The starting price is listed at 7 bitcoin, or approximately $423,000.

Another screenshot published by Comparitech shows apparent samples of documents Rhysida claims to have stolen, which appears to include scans of passports, driver’s licenses, Social Security cards and fingerprints.  

“We highly recommend citizens and employees of Sumter County remain on high alert for any phishing messages while monitoring accounts for suspicious activity,” Rebecca Moody, head of data research at Comparitech, wrote.

Rhysida continues attacks on government, healthcare

The Rhysida ransomware group has claimed multiple attacks on critical infrastructure over the past year. namely against government agencies and healthcare organizations.

Last week, the gang held an auction asking for at least 30 bitcoin (about $1.8 million) for 6.5 TB of data it said it stole from the City of Columbus, Ohio. On Thursday, Rhysida published more than 3 TB of the Columbus data, or more than 250,000 files, according to NBC4.

The published data appeared to include payroll data, database backups and information on third-party vendors, Ohio State University Assistant Computer Science Professor Carter Yagermann told 10 WBNS. The gang previously said it had also stolen data on city emergency services and surveillance cameras.

Columbus Mayor Andrew Ginther said in a statement that “it has not been validated that the data is usable or valuable,” adding that “the fact that the threat actor’s attempted data auction failed is a strong indication that the data lacks value to those who would seek to do harm or profit from it.”

The city had successfully prevented the encryption of files during the July 18 attack and began offering free credit monitoring to city employees on Aug. 1.

Rhysida also took responsibility for an attack on Delaware-based Bayhealth Hospital on Thursday, asking for 25 bitcoin (nearly $1.5 million) to prevent the release of data. The gang also attacked Chicago-based Lurie Children’s Hospital in January, the national British Library in October, and Mississippi-based Singing River Health System as well as Prince George’s County Public Schools in Maryland in August 2023.

Comparitech, which has been tracking cyberattacks on U.S. government organizations, has noted 57 confirmed attacks in 2024, with numbers on track to exceed the 78 confirmed attacks in 2023, Moody told SC Media in an email. The average ransom for attacks on U.S. government agencies in 2024 is $750,000, according to Moody.

“Ransomware attacks on governments focus on causing as much disruption as possible by crippling key systems and preventing access to vital records. This helps increase the threat actors’ chances of security a payment,” Moody said.

Rhysida ransomware hits Sumter County Sheriff, threatens data leak

The ransomware gang has extorted multiple government agencies and hospitals over the last year.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.