Sumter County Sheriff’s Office in final stages of recovery after Russian ransomware attack

SUMTER COUNTY, Fla. — Nine months after a ransomware attack took the Sumter County Sheriff’s Office completely offline, 9 Investigates is getting an inside look at the hit the agency took.

9 Investigates first brought you the story last August after a Russian criminal group, Rhysida, claimed responsibility for the cyber-attack. The agency is now in its final phases of recovery.

“Witness statement, victim statements, things of that nature are all having to be re-entered into the computer system as well,” said Michelle Keszey, Sumter County records manager.

Keszey in part oversees the large project of typing up, scanning and uploading records from the four months the agency relied on just pen and paper.

“There were approximately 1,500 crash reports that took place during our time down. And she is averaging about 10 a day,” Keszey said.

“Until the system was safe to be scanned in so it kind of just stacked up,” said Sheriff Pat Breeden.

Sheriff Breeden took office that November while the agency was still offline.

“Our newer deputies are used to doing everything electronically,” Breeden said. “Well now we’re back to handwriting reports and we’re handwriting tickets,” he said, recalling the challenges over the four months.

This was after Rhysida claimed to have infiltrated the agency’s system in August 2024.

“We started having some problems with our dispatch one night and dispatch is like, some stuff’s not working, something’s not right,” Breeden said.

Authorities later discovered the hackers got in from an external hard drive infected with a virus that an employee brought in.

“We discovered that this had actually been brought in several months prior to the hack and it just kind of sit there in limbo waiting,” Breeden said.

Rhysida posted on the dark web, claiming they stole nearly a terabyte of data. They claimed the data would end up on the dark web if the Sheriff’s Office didn’t pay their ransom: seven bitcoins, or about $425,000.

“How scary of a time was that for you guys?” Webb asked.

“I was very scared because, you know, we have employees and we have citizens’ information,” Breeden said.

The Sheriff’s Office told us they didn’t believe the cybercriminals ever uploaded the stolen records to the dark web.

“They have available for download, they claim 839 gigabytes of data across over 160,000 files,” said Luke Connolly, threat intelligence analyst for Emsisoft. “That could easily go back decades, especially for a small town sheriff.”

Connolly says it’s highly likely the hackers had extended access to the Sheriff’s Office database based on the amount of data they claim to have released. He says the hackers aren’t charging for downloads of the stolen material.

Our sources did not download the data that the hacker group claimed to have stolen because of the ethical concerns and also the risk of downloading malware.

Because of that, we don’t know what this data might include, such as Social Security or banking information.

The Sheriff’s Office says authorities are looking to prosecute the Russian group responsible.

Now, the agency is in its final stages of recovery. Breeden says the most challenging time was when authorities were working to confirm hackers no longer had access to the agency’s system, what the Sheriff described as “cleaning house.”

“The hardest part was to analyze everything to make sure our systems are now safe to go back online. So, doing that, we have to backlog everything we did in that time period, let’s say between August and now. So everything’s on paper.”

Connolly says the hackers likely were not targeting the Sheriff’s Office, but there are records of value in the agency.

“Money, information, you know, they get anything they can because if they can get people’s identities, they’re looking to do identity theft, they are looking to steal anything they can to make a dollar,” Breeden said.

The Sheriff also says they are retraining employees on cybersecurity.

They’re now almost back to what they were before August 2024, and the Sheriff’s Office says they’re now even stronger.
