On the morning of Sept. 8, the members of the Suffolk County Legislature were given a directive: Shut down your computers.
Al Krupski (D-Cutchogue), who represents Riverhead and the North Fork, said the day prior he had a Zoom meeting that had to be canceled, the first indication that something was amiss. Soon after, the reality of a large-scale ransomware attack that has plagued the county began to come into focus. More than 10 days later, county email accounts and web sites remain down as investigators work to identify the source of the attack and safely restore the system.
“This is a bigger, longer disruption than anyone could have imagined,” Mr. Krupski said in an interview Monday.
In a press conference last week, Suffolk County Executive Steve Bellone said the initial investigation did not directly point to a ransomware attack — in which hackers threaten to disable a system or publish stolen data unless paid a sum of money — although the malware detected had “hallmarks of ransomware.”
Three days later, however, the source of the attack was allegedly disclosed when a ransomware team called ALPHV or “BlackCat” claimed responsibility for the attack on its dark web site, according to databreaches.net, a blog on data breaches that has been published since 2009.
Databreaches published a copy of a post the hackers wrote, where they claimed to have extracted more than 4 terabytes of data.
“Due to the fact that Suffolk County Government and the aforementioned companies are not communicating with us, we are publishing sample documents extracted from the government and contractor network,” the post read.
It included samples of extracted files from Suffolk County court records, Sheriff’s Office and contracts with the State of New York and “other personal data of Suffolk County citizens.” It said the hackers have obtained “huge databases of Suffolk County citizens from the clerk.county.suf domain.”
Officials have not disclosed whether a specific monetary request has been made.
At a press conference Monday outside the Suffolk County Police headquarters in Yaphank, police Commissioner Rodney Harrison provided little insight into the current state of the investigation when asked about the types of documents the attackers obtained and how residents could be affected.
“I wish I could share that with you,” he said, citing an active investigation. “A lot of things are still ongoing. As we get closer to identifying things, we will share with the media and public.”
Mr. Harrison and Mathew Lewis, the police chief of operations, spoke about how the department has shifted its emergency call system to an old way of operating. Call details have been recorded by hand with information handed by “runners” to a dispatcher, rather than going directly into a computer system.
Mr. Harrison said the NYPD has provided the county call center five additional emergency call operators per tour, “helping to reduce some of the stress on our current call takers.”
The NYS Department of Homeland Security and Emergency Services has also provided the department “highly sophisticated technology that will provide additional firewall protection, enabling us to bring our [computer-aided dispatch] system back online safely and securely while the county’s overall system continues to be addressed,” Mr. Harrison said.
He added that the system with “runners” relaying information has not slowed down responses for officers in the field. Radio systems among officers are not affected, he said.
Police expect the CAD system to be up and running by the end of the week.
Mr. Lewis highlighted a case early Monday morning where an NYPD officer took a call of an active maternity in Coram. The call ended up in the hands of the Suffolk County Fire Rescue and Emergency Services, where a dispatcher guided the father through the delivery. The baby was born before first responders could arrive and “baby and mom are doing fine,” he said.
Suffolk police have also partnered with the New York State Police, who are assisting with fingerprinting and other processes after an arrest at one of several barracks in the county, including Riverside.
The cyber attack so far has had limited ramifications locally on the town governments in Riverhead and Southold. Both town supervisors said their IT systems have been operating normally.
Southold Supervisor Scott Russell said Mr. Krupski has remained in contact with the town office.
“The communication has been fine,” he said in an email. “We just do it the old-fashioned way and use a phone.”
“There may have been a short delay in their ability to process pending applications, but there is nothing that couldn’t wait while they sort through and fix their technical issues,” he added.
Riverhead Supervisor Yvette Aguiar said the town’s system is independent and has not been affected, and the town has taken steps to “strengthen our IT protocols.”
Mr. Bellone announced last week the county had set up a temporary landing page to provide county residents with information at suffolkcountyny.gov. The town’s 311 phone service remains intact and residents are encouraged to call for any questions related to any of the county services.
Mr. Krupski said his office has fielded an uptick in calls in the past week with people seeking information typically available online.
“People have become reliant on the technology,” he said. “If it’s not there, then what do you do?”
Some departments are more reliant on the technology than others, he said.
“I think departments have been very good at trying to keep the wheels turning,” he said.
Last Thursday, county IT workers came to the legislator’s office to go through four desktop computers and a laptop to check for malware. He said the computers appeared to be clean, and members of the IT staff returned Monday morning while he was at a meeting.
Mr. Krupski said he was unsure what kind of information was stolen and noted a lot of the information the county stores is public information available via the Freedom of Information Law.
“We’re not quite sure of the extent of this yet,” he said. “We really don’t know.”
Mr. Bellone emphasized last week that the county remains up and running and tried to reassure residents that they can expect the same level of service.
“We’re doing everything we can, even in these challenging circumstances, to keep it as business as usual for residents,” the county executive said.
Mr. Bellone said the county implemented “aggressive containment measures” when the attack was detected to eradicate the intrusion and restore systems “in a safe and secure manner.”
Ransomware attacks have often targeted school districts in recent years. The Riverhead Central School District in late 2021 and the Mattituck-Cutchogue School District earlier this year both endured cyber attacks.