Ransomware gang Embargo last night claimed responsibility for a cyber attack on Wexford County, MI that took place on election day in the United States.
Embargo added Wexford County to its leak site on the evening of the election. It claims to have stolen 1 TB of data. The group is demanding an undisclosed sum of ransom to be paid by November 11, 2024.
To prove its claim, Embargo posted what it says are the names, email addresses, and passwords of the county and deputy county administrators, Joe Porterfield and Jami Bigger. Embargo did not give details about what information the allegedly stolen data contains.
Wexford County has not verified Embargo’s claim.
Porterfield confirmed a cyber attack compromised the county website and reported the incident to the FBI. He says the attack did not affect election security or integrity, and county staff acted quickly enough to prevent attackers from encrypting county computer systems.
Search results revealed a snippet of text from the Wexford County website, which said, “Ransomware Attack Election Disruption. ATENTION!! This is to inform you that Wexford Michigan is experiencing a ransomware incident. The attack was …” [sic]
The text only appears in search results, and no such information appears on the actual county website at time of writing. We don’t yet know if that text was put there by county officials or cyber attackers. Comparitech contacted Wexford County officials for comment and will update this article if they respond.
Who is Embargo?
Embargo is a relatively new ransomware gang that started claiming attacks in April 2024. The group operates a ransomware-as-a-service business in which affiliates pay Embargo to use its malware and infrastructure to launch attacks and collect ransoms.
Comparitech researchers tracked 10 confirmed attacks claimed by Embargo, plus five unconfirmed attacks that haven’t been acknowledged by targets. This is the group’s second confirmed attack on a US government agency. The other targeted the town of Summerville, South Carolina in July 2024.
Ransomware attacks on US government
Ransomware attacks on government agencies can disrupt day-to-day operations and render computer systems useless until a ransom is paid for a key to restore them. Most ransomware attacks also steal data before encrypting it, which gangs then use to extort more money from victims under the threat of selling or publishing residents’ personal info.
So far this year, we have tracked 74 confirmed ransomware attacks on US government entities, compromising 844,631 records. Last month, the Housing Authority of the City of Los Angeles (HACLA), the City of Aberdeen, Wayne County, and the Superior Court of California – County of Sonoma were all hit by ransomware attacks.
Elsewhere on election night, ransomware group Qilin added the East Baton Rouge Sheriff’s Office to its data leak site. The Sheriff’s Office has not acknowledged an attack at time of writing, but, if confirmed, it would be the second ransomware attack on the Sheriff’s Office this year. It was previously hit by another group, Medusa, in March 2024.
About Wexford County, MI
Wexford County is located in the Northern Lower Peninsula of Michigan. It has a population of 33,673 as of the 2020 census.
In the 2024 general election, about two-thirds of the county voted for Donald Trump.