[BreachExchange] Martin County Tax Collector's possibly hit by ransomware attack

Fri Oct 29 09:54:50 EDT 2021

https://www.wptv.com/news/region-martin-county/martin-county-tax-collectors-possibly-hit-by-ransomware-attack

MARTIN COUNTY, Fla. — WPTV is learning more about what might be causing the
lengthy closure of the Martin County Tax Collector's offices for nearly two
weeks.

Whether it’s renewing a driver license, selling or buying a car or home, or
paying your property taxes, you may not realize how critical tax collector
services are until you can’t access them.

For nearly two weeks, customers at Martin County Tax Collector's offices
have been turned away or sent to neighboring St. Lucie County for help
while theMartin County Tax Collector worked to resolve what she calls
"network issues."

Tax collector Ruth Pietruszewski won’t say what those issues are or if
personal info has been jeopardized.

But WPTV obtained copies of text messages that were sent from Martin
County’s IT department Sunday morning, Oct. 17, to constitutional offices
around the county, warning that the tax collector’s network was hit by
BlackByte ransomware.

Alan Crowetz, CEO and president of Infostream, Inc., explains how it
typically works.

"Usually a fake email," Crowetz said. "They send an email out to try to get
someone to click something and run something and it runs something that
goes and scrambles all the files on the network.”

Then a password is placed to unscramble the files.

"So all that data is no longer usable unless somebody has that password.
That’s when the ransom comes in. If you want us to unlock all your files
that are shutting down the network, you can pay us a large amount of
money," Crowetz said.

Texts show by Sunday afternoon, the tax collector brought in a private
company to try to recover the network.

On Monday, IT workers determined the tax collector was the only office hit,
and there was no evidence of BlackByte ransomware in any other county
offices.

Crowetz said getting around ransomware is nearly impossible if you don’t
have good backups. Two weeks of trying to recover the network, he said,
isn’t a good sign.

"So it’s been this long, there were some major, major mistakes made,"
Crowetz said. "Should taxpayers up here, customers be worried about their
personal information being out there? Typically no. But I will say it does
happen and we have to assume the worst. In security you can’t assume, I
hope they didn’t get it or there’s a 90% chance they didn’t get it. So in
this stage they’re probably in pure panic mode."

Martin County said it has also offered assistance to the tax collector's
office.

But in the ongoing confusion for residents and county leaders the county
also said Thursday that the company the tax collector hired to resolve the
issue is now retracting its blame on BlackByte ransomware and said it has
still not determined the exact nature of incident.

On Thursday evening, Martin County Sheriff William Snyder release the
following message to residents:

The Martin County Tax Collector’s Office is experiencing a countywide
computer interruption which has affected most of their services. Martin
County residents may not be able to make necessary changes to their
driver’s licenses or license plates as required by law until the issues are
resolved.

As a result, Sheriff William Snyder has directed all law enforcement
personnel to refrain from issuing citations to Martin County residents with
expired license plates or driver’s licenses until further notice.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211029/4d257956/attachment.html>