Rhysida Ransomware Hits Sumter County Sheriff's Office: Key Details
Ransomware Attack on Sumter County Sheriff's Office by Rhysida
The Sumter County Sheriff’s Office (SCSO) in Florida has recently been targeted by the Rhysida ransomware group, as announced on Tuesday. This attack has disrupted access to certain records, although essential law enforcement services remain operational. The SCSO is actively collaborating with the Florida Department of Law Enforcement, Florida Digital Services, and other IT professionals to investigate the breach.
About the Sumter County Sheriff's Office
The Sumter County Sheriff's Office, led by Sheriff William O. "Bill" Farmer, Jr., has been a cornerstone of public safety in Sumter County, Florida, since 1997. With over 330 personnel, the SCSO is a substantial law enforcement organization dedicated to crime prevention, investigation, and community engagement. The office is known for its specialized programs, such as the Safe Program and the School Safety Division, which address the unique needs of the community. The SCSO's commitment to integrity, respect, and professionalism is reflected in its multiple accreditations and rigorous evidence management protocols.
Details of the Attack
Rhysida has claimed responsibility for the attack, asserting that they have obtained sensitive data, including scans of IDs and biometric information such as fingerprints. The group has issued a seven-day ultimatum for the Sheriff’s Office to pay a ransom, threatening to release the stolen data if their demands are not met. While the SCSO has not confirmed whether any data has been compromised, it acknowledged that the attack has limited access to specific records. Citizens and employees are advised to remain vigilant for potential phishing attempts and to monitor their accounts for any suspicious activity.
About the Rhysida Ransomware Group
The Rhysida Ransomware Group emerged in May 2023 and has since targeted various sectors, including education, healthcare, manufacturing, information technology, and government. Rhysida ransomware is written in C++ and primarily targets Windows operating systems. The group employs a double extortion technique, stealing data before encrypting it and threatening to publish it unless a ransom is paid. Rhysida's attacks are often initiated through phishing campaigns, leveraging valid credentials and establishing network connections through VPNs for initial access. The group uses tools like PsExec for lateral movement within the victim's network.
Potential Vulnerabilities
The SCSO's reliance on modern technology and extensive data management systems may have made it a target for threat actors like Rhysida. The group's ability to leverage valid credentials and establish network connections through VPNs suggests that the initial breach could have been facilitated by compromised user accounts or insufficiently secured remote access points. The SCSO's proactive approach to law enforcement and community engagement underscores the importance of cybersecurity measures to protect sensitive data and maintain public trust.
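The behaviours described above (valid credentials used over a VPN, then PsExec for lateral movement) leave a recognisable trail in Windows logs. The following Python is an added example, not part of the original article or any named organisation's tooling: it pairs each default PsExec service install (event 7045, service `PSEXESVC`) with the network logon (event 4624, type 3) just before it on the same host, then reports accounts that reach several hosts. The record field names, the VPN pool `10.8.0.0/24`, the 60-second window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

VPN_POOL = ip_network("10.8.0.0/24")  # assumption: address pool given to VPN clients
WINDOW = timedelta(seconds=60)        # max gap between logon and service install
# Constructed sample records shaped like parsed Windows events:
# 4624 = successful logon (Security log), 7045 = service installed (System log).
EVENTS = [
    {"time": "2024-01-01T02:10:00", "host": "FS01", "id": 4624, "logon_type": 3,
     "account": "jdoe", "src_ip": "10.8.0.23"},
    {"time": "2024-01-01T02:10:04", "host": "FS01", "id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-01-01T02:12:30", "host": "DB02", "id": 4624, "logon_type": 3,
     "account": "jdoe", "src_ip": "10.8.0.23"},
    {"time": "2024-01-01T02:12:33", "host": "DB02", "id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-01-01T09:00:00", "host": "WEB01", "id": 4624, "logon_type": 3,
     "account": "svc_backup", "src_ip": "192.168.1.5"},
    {"time": "2024-01-01T09:00:10", "host": "WEB01", "id": 7045,
     "service": "BackupAgent", "image": r"C:\Program Files\Backup\agent.exe"},
]

def is_psexec_service(ev):
    # Matches PsExec's default service name and binary only; a renamed service is missed.
    return ev["id"] == 7045 and (ev["service"].upper() == "PSEXESVC"
                                 or ev["image"].upper().endswith("PSEXESVC.EXE"))

def find_psexec_installs(events):
    """Pair each PsExec service install with the network logon just before it."""
    last_logon, hits = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort in order
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4624 and ev.get("logon_type") == 3:
            last_logon[ev["host"]] = (t, ev)
        elif is_psexec_service(ev):
            seen, logon = last_logon.get(ev["host"], (None, None))
            if seen is None or t - seen > WINDOW:
                logon = {"account": None, "src_ip": None}  # no logon to attribute
            ip = logon["src_ip"]
            hits.append({"host": ev["host"], "account": logon["account"], "src_ip": ip,
                         "from_vpn": ip is not None and ip_address(ip) in VPN_POOL})
    return hits

def fan_out(hits, min_hosts=2):
    """Accounts whose PsExec installs reached at least min_hosts distinct hosts."""
    hosts = {}
    for h in (h for h in hits if h["account"]):
        hosts.setdefault(h["account"], set()).add(h["host"])
    return {a: sorted(s) for a, s in hosts.items() if len(s) >= min_hosts}
```

On the constructed data, `find_psexec_installs(EVENTS)` returns the FS01 and DB02 installs attributed to `jdoe` from a VPN address, and `fan_out` flags that account; the ordinary `BackupAgent` service install on WEB01 is ignored.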