Three-fourths of ransomware attacks in Florida targeted public sector

Local government entities accounted for 78% of publicly disclosed ransomware victims over a more than three-year period, researchers found.

Publicly disclosed ransomware attacks against entities in Florida spanning more than three years overwhelmingly targeted the public sector, according to a report published this week by researchers at the University of South Florida.

Of 18 incidents the report examined, 14, or 78%, involve a local-government victim. The list of targets includes cities, towns, counties, school districts and the Palm Beach County Supervisor of Elections.

“Ransomware is an increasing threat to Florida public and private sector institutions. Florida has experienced a massive uptick in ransomware incidents, starting in 2019, with significant monetary impact, as well as disruption of critical infrastructure,” reads the report, which was compiled by Ryan Haggard, a graduate student at USF, in conjunction with Cyber Florida, a think tank that promotes cybersecurity education.

The Palm Beach elections office incident, which occurred in September 2016 but was only disclosed last February after the office’s IT director was fired for possession of child sexual abuse material, is the earliest on Haggard’s list. That incident, which did not lead to payment, was mitigated and is not believed to have been connected to Russian government attempts to access election infrastructure during the 2016 presidential race.


But in the three-and-a-half ensuing years, the hits kept coming to local governments across the Sunshine State, the report states. It includes several incidents that were among the highest-profile ransomware incidents of 2019, including six-figure payments made by the cities of Riviera Beach and Lake City, and an attack against Pensacola, Florida.

The Riviera Beach and Lake City incidents both involved the Ryuk malware, which is currently threatening hospitals across the United States, while the Pensacola incident was one of the earliest known examples of the Maze ransomware, which popularized the now-familiar tactic of stealing victims’ data and threatening to publish it if a bounty is not paid. Pensacola officials, threatened with a $1 million ransom last December, declined to pay.

The most recent reported incident in the USF report, a February attack against the North Miami Police Department, has not been attributed to a specific malware.

But ransomware targeting the U.S. public sector has shown few signs of slowing down in 2020, with attacks surging against school districts and local officials resigning themselves to the extortion malware’s inevitability.

The report only includes four private-sector attacks, affecting a prison services vendor, a car dealership, a facial reconstruction clinic and the Tampa Bay Times newspaper. But that likely understates the number of Florida companies that were hit with ransomware over the report’s timeframe: Private-sector ransomware victims disclose attacks far less often than governments, a trend that federal law enforcement officials have tried to change.

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.
