Most Suffolk County, NY systems still down after ransomware attack

Over 20 days later, Suffolk County, NY begins to see slow recovery from the cyberattack that crippled area systems, including taking 9-1-1 offline shortly, but majority of systems are still down.

County clerks had to resort to pen and paper filings while simultaneously being locked out of crucial systems and documentation. Civil Service exams had to be canceled. $15-$20 million dollars of payments to workers, utilities, and other firms were put on hold or needed to be filed by manual cheque. Real estate in the area was frozen in place with title records being inaccessible leading to distress of many residents trying to buy, sell, or move homes.

Investigations show that the hacker group BlackCat has published some documents on the dark web such as court records and speeding tickets. However, the hacking group claims they have up to 4 TB of stolen data.

“The Suffolk County Government was attacked. Along with the government network, the networks of several contractors were encrypted as well.

Due to the fact that Suffolk County Government and the aforementioned companies are not communicating with us, we are publishing sample documents extracted from the government and contractor network.

The total volume of extracted files exceeds 4TB.

Extracted files include Suffolk County Court records, sheriff’s office records, contracts with the State of New York and other personal data of Suffolk County citizens. We also have huge databases of Suffolk County citizens extracted from the clerk.county.suf. domain in the county administration.”

- Suffolk County Officials reported during a press conference.

Further, the hacking group appears to have had access to the backup tools for the county potentially meaning that backups of crucial files for the county may be lost permanently. The county has yet to respond to any inquiries about the state of backup systems or copies of data backups they should have had.

Suffolk County officials are urging residents to continue to monitor their own credit reports, and suggest putting freezes on accounts and credit lines for the time being. County officials are continuing to work with the Department of Homeland Security and local law enforcement to get back online fully.

Reports show that since 2019, the county has invested over $6.5 million dollars into cybersecurity, however there is scrutiny over whether or not these funds were used to make any protections in the wake of this devastating attack.

Local towns inside of Suffolk County area such as Riverhead are currently fully operational thanks to increased cybersecurity protocols as well as constant monitoring of their networks during this time.

Riverhead and ther towns like Mattituck-Cutchogue have previously been hit with ransomware attacks on their school districts so they felt more prepared after needing to rebuild cybersecurity systems earlier this year. Riverhead School District in protections against attacks has moved to Cloud Services and backcup systems. Other towns like Southhold have minor measures in place however state they do not currently have cyber insurance.

Suffolk County is currently rolling out restorations of their services but officials have not been able to give a timeline on how long it will still take to bring everything back online fully.

Ransomware is quickly becoming the most popular form of attack as hackers move towards extracting higher and higher amounts of money from victims. IBM’s security force states that ransomware accounted for 21% of all cyberattacks in 2021.

New York’s U.S. Senator Charles Schumer is calling on the Federal Trade Commission (FTC) and other federal government agencies to crackdown on ransomware and cyberattacks.

“In roughly the last 30 days, vital and personal information has been hacked at many major U.S. companies [Uber, American Airlines, U-Haul, DoorDash, and more], compromising people’s privacy. Yet, if you ask most people about these hacks they don’t even know they occurred and the feds are saying very little.”

Cybersecurity experts believe that the average cost of a breach is upwards of $4.35 million dollars in damages and downtime.  

Schumer has worked on securing $1 billion dollars within the Bipartisan Infrastructure Bill recently. This will allow state governments to work on creating cyberattack plans and protections to protect companies and important entities within New York state.  

Quick Tips for October’s CyberAwareness Month: 

Don’t think it can’t happen to you and fall victim to a data breach or cybersecurity risk. We at Motiva Networks can help you make a plan and see if your data has been compromised with a Free Confidential Cybersecurity Risk Assessment.