Part of the problem is that the full scale of ransomware attacks is not always disclosed.
It was three years after the 2016 election that the Department of Homeland Security, the F.B.I. and even Florida state officials learned that Palm Beach County — which played a critical role in deciding the 2000 election — had its election offices seized by ransomware just weeks before the election.
Over the past 18 months, cybercriminals — primarily based in Russia and Eastern Europe — have hit the American public sector with more ransomware attacks than in any other period on record, according to Emsisoft, which tracks the incursions. A record 966 ransomware attacks hit the American public sector last year — two-thirds of them targeting state or local governments.
Among them: A Texas county that voted for Hillary Clinton in 2016 as well as counties that helped determine the 2016 election in Ohio, Pennsylvania, Florida and Georgia, and other cities and counties that will most likely play a critical role in deciding close Senate races in South Carolina, Kentucky, Colorado and Maine in November.
The F.B.I. concluded that ransomware “will likely threaten the availability of data on interconnected election servers” in November, according to a bureau analysis leaked this summer. The agency cited two recent examples: a ransomware attack in Oregon that locked up county computers and crippled backup data, and another in Louisiana in which cybercriminals hacked the secretary of state’s offices, then waited three months to detonate their ransomware the week of Louisiana’s statewide elections for governor and legislative seats last November.
The Louisiana election proceeded unscathed because officials had the foresight to separate voter rolls from internal networks. Still, some analysts feared the attack was a dry run for Nov. 3.
Sometimes victims pay — as a small town in Florida did. Sometimes they refuse, as Atlanta did — though it ended up spending more than the ransom demand reconstructing its systems.
The latest victim, Tyler Technologies, has been vague about the details of its attack. Citing a continuing investigation, the company declined to elaborate on the ransom demands, say whether it paid or offer any details about the attackers. And while the company claimed that none of its products “support voting or election systems,” its Socrata dashboard software is used by some election officials to aggregate and share election results.