Cyber Incident Victim: St. Lucie Tax Collector
Date: Oct 2023
Location: United States of America
Summary
A ransomware attack disrupted the St. Lucie County Tax Collector's computer systems. The attack was attributed to BlackCat ransomware, which is linked to Russian origins and available on the dark web. The incident forced system shutdowns and required intensive recovery efforts, but officials confirmed no compromise of sensitive personal data: driver's license, vehicle registration, and payment information resided on secured state servers and third-party vendor systems. The attack aligns with a broader trend of targeting government entities, including a Florida judicial circuit. State law prohibits ransom payments. The operational impact involved significant labor costs and prolonged downtime, and the tax collector described the incident as the most severe challenge faced in two decades of public service.
Description
In late October 2023, the St. Lucie County Tax Collector's Office experienced a ransomware attack that forced the shutdown of its computer systems. Tax Collector Chris Craft publicly attributed the disruption to the cyberattack, though the precise date of initial compromise was not disclosed. The incident halted normal operations, impacting services managed by the agency. Craft emphasized that sensitive taxpayer information—including driver's license details, vehicle registration records, and credit card data—remained secure despite the breach. He clarified that driver's license and registration data resided on state-operated servers unrelated to the county's compromised systems, while payment processing relied on external vendors who confirmed their systems were unaffected. The office collaborated with state authorities and third-party vendors to verify the integrity of these external data repositories. Craft declined to specify whether the attackers issued a ransom demand, noting Florida law prohibits government entities from paying ransom under any circumstances. Recovery efforts required intensive manual work by staff to restore functionality, though technical specifics about system restoration were not detailed.

Cybersecurity expert Alan Crowetz identified the attack as part of a trend targeting municipal governments, citing prior ransomware incidents in Riviera Beach, Palm Springs, and Stuart. He attributed the assault to BlackCat ransomware—software developed in Russia and distributed via dark web platforms—noting its simultaneous use against Florida's First Judicial Circuit Court. Crowetz described the attackers' methodology as a "shotgun effect," involving indiscriminate deployment of malicious software to exploit vulnerable systems. While no data exfiltration occurred, Crowetz highlighted the substantial financial burden of recovery efforts, citing round-the-clock labor requirements to rebuild systems. Craft characterized the incident as the most severe challenge of his two-decade public service career, though no specific cost estimates or operational downtime durations were provided. The attack underscored persistent vulnerabilities in local government infrastructure despite protective measures for sensitive data.
