IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Ransomware May Have Hit Florida Elections Office in 2016

A ransomware attack may have hit the Palm Beach County Supervisor of Elections Office in 2016, corrupting some of the agency’s data, and the potential incident was not reported to state or federal officials at the time.

Ransomware attack, binary code
(TNS) — A ransomware attack may have hit the Palm Beach County Supervisor of Elections Office in 2016, corrupting some of the agency’s data. Whatever happened apparently wasn’t reported to the state or federal officials at the time and is only now becoming public — more than three years later.

The attack — as described Wednesday by employees in the elections office — produced moments of panic. It also prompted rushed action to isolate and minimize the damage in the Elections Office server room. And several days of work for some employees was lost.

The incident was detailed Wednesday by Wendy Sartory Link, who was appointed supervisor of elections in January 2019. She said she didn’t learn about it until the information technology director she’d inherited left the office late last year and she questioned an office information technology specialist who she’s since named IT director.

Link’s predecessor, Susan Bucher, said Wednesday evening what was described by Link never happened.

“I can swear on a stack of Bibles that our county was never ransomwared. It is irresponsible for the supervisor [Link] to scare our voters. We are behind Palm Beach County’s firewall. And she [Link] should know better,” Bucher told the South Florida Sun Sentinel by text message.

Link said the public shouldn’t be concerned about security for the upcoming March 17 election, when Florida holds its presidential primaries and 20 cities, towns and villages in the county have elections for local government leaders.

“This happened in 2016. It’s unfortunate that it’s come to light now right before the election because I don’t want voters to be confused, and I don’t want anybody to feel like our current election system is unsafe. Because it’s not," Link said.

Link said she doesn’t believe voters’ personal information was compromised.

A six-person team from the U.S. Department of Homeland Security recently conducted an extensive review at the elections office, lasting nine or 10 days, Link said. She hasn’t received a report yet from the examination, which ended two weeks ago, but said “if there had been something earth-shattering or glaring, I’m sure they would have alerted us to that before they left.”

Link described Wednesday evening what she learned about the incident — which she said happened in September 2016, between the August primary and the November general election — in a telephone interview that also included two of her office’s employees who were there at the time. Earlier, she told the Palm Beach Post Editorial Board about it.

Ed Sacerio, an IT specialist at the time and now the IT director, said a colleague told him that some files were disappearing or becoming encrypted. “These files started disappearing. He stared getting these ... messages in the folder itself asking for some ransom in order to unencrypt the files.”

As Sacerio rushed to the IT manager’s office to tell him what was happening, the IT manager at the time called him with an order to run into the server room and unplug everything.’

“I go blazing running into the server room,” Sacerio recalled. “When I got there, I just stared turning all the servers off.” The IT manager, Jeff Darter, handled the repair of the damage, Sacerio said.

Sean Williams, who was the vote-by-mail manager at the time and is now director of elections, said the agency reverted to a backup to restore the data. Whatever work had been done in the intervening week was lost. “A lot of us lost data because of that,” he said. “You lost whatever work you did.”

Sacerio said he didn’t know if any money was paid. Link, who wasn’t in office at the time, said she hasn’t found any indication that any ransom was paid.

Williams said he wasn’t aware of the incident being reported to authorities outside the office, and Sacerio said he didn’t think it was reported. They described it as the zepto virus.

Steven Abrams was a Republican member of the Palm Beach County Commission in 2016 and served that year as one of the three members of the county’s Canvassing Board, which has some oversight authority over elections. He said by text Wednesday he doesn’t remember hearing anything about a ransomware attack at the time.

Bucher, a Democrat, was suspended in January 2019 by Gov. Ron DeSantis, the new Republican governor, who appointed Link. DeSantis said she failed to properly conduct three contentious statewide recounts for the 2018 midterms. Bucher said at the time she was the victim of “political agendas” but later agreed to resign rather than fight the suspension in the Republican-controlled Florida Senate.

Link said she learned about the attack last year from Sacerio when she was assessing whether he should become IT director. In November, she fired Darter, the previous IT director, for allegedly shoving two detectives who were investigating him for child pornography.

Link said she immediately contacted the state Division of Elections, which said it knew nothing of the incident, and reported it to the FBI. She said the FBI put her in touch with the Department of Homeland Security.

Link said she does not believe it is related to the 2016 infiltration of two Florida counties by Russian intelligence agents, something that was mentioned in the report by Robert Mueller, the special counsel investigating Russia’s meddling with the election. Link said she doesn’t know which counties were affected but said she’s been told that officials in the counties know.

source familiar with a classified briefing given to members of Congress last year said at the time Palm Beach and Broward counties weren’t affected.

©2020 the Sun Sentinel (Fort Lauderdale, Fla.). Distributed by Tribune Content Agency, LLC.