Update on HCSO cyber attack

On May 26, the Highlands County Sheriff’s Office was attacked by a band of cyber terrorists who invaded our computer system and took it hostage. We previously provided information to the public on May 27 and June 10. We are providing this notice to further inform the community about what happened and what we are doing in response.


HCSO was hit with a sophisticated attack by a cyber-terrorist group calling themselves Quantum. Being targeted by this type of criminal activity is unfortunately a common occurrence for both public and private entities across the United States. Despite the security measures that we had in place to protect against such attacks, these well-funded hackers were able to invade our computer systems and encrypt large portions of our network with their malware. Importantly, we were able to continue providing services to the community, including 911 and emergency services, throughout the attack and subsequent recovery. The terrorists also claimed to have taken some of the data but were unwilling to provide any more than token evidence to support that allegation. Unfortunately, if that claim is correct, that data likely includes personal information, such as names, contact information, Social Security numbers, and driver license numbers that HCSO has collected about individuals for a variety of reasons while serving the community, as well as the various types of information we collect from our personnel. At this time, we are unable to determine exactly what data might have been taken because of the encryption that was implemented by the malware. The Quantum group attempted to blackmail HCSO into paying $2.5 million for a decryption tool, but we refused to give in to criminals and use taxpayer money to pay their extortion demand. We aren’t going to reward them for their actions. We also had no guarantee they would not come back asking for more even if we did pay.  


Like all terrorists, those who initiate attacks like these prey on fear. In this case, it is the fear of losing vast amounts of data and computer systems that help us function as modern law enforcement agency. We fought back hard from the moment we knew we were under attack and have been fighting tirelessly every day since. Of our more than three dozen computer servers, the immediate steps taken by our IT department in the first hours we knew we were being invaded protected nearly 20 servers from falling victim to this attack. We promptly engaged third-party experts to help investigate and respond to the incident as we began investigating ways to restore our systems. We are adopting measures to further secure our systems and protect the personal information entrusted to us.


While we have no reason to think data affected by the incident has been released publicly, we encourage you to remain vigilant. Please review your account statements, check your credit reports on a regular basis, and report any suspicious activity to law enforcement.


We take seriously our obligation to safeguard information entrusted to us. To address any questions you may have, you can contact us at 863-402-7200. We appreciate the patience of our community and the cooperation of our county and state partners as we continue to work through the aftermath of this serious attack.