Suffolk County ransomware attack: What you need to know
Since Sept. 8, when Suffolk County Executive Steve Bellone announced a possible “cyber intrusion” of government computer systems, residents, businesses and others have been unable to access county websites and email addresses while officials investigate the attack. Following are questions and answers about key issues that have arisen during the shutdown:
Q: What county departments are affected by the shutdown?
A: All of them, essentially.
Some county functions are down entirely, including the ability to pay traffic tickets or run title searches on properties.
And because of the computer shutdown, Suffolk County Executive Steve Bellone, a Democrat, was unable to file his 2023 budget by last Friday's deadline. The deadline has been extended, a Bellone spokeswoman said.
But officials say all agencies are operational, although many have switched to paper record keeping.
For instance, 911 emergency operators are answering calls from the public, but employees are writing down call information and hand-delivering it to dispatchers.
The county has launched a temporary landing website at suffolkcountyny.gov with basic information and department contacts.
Q: Who’s behind the cyberattack?
A: Hackers have not identified themselves, but in a post on a dark web leak site on Sept. 15, a group took credit for the breach, saying it was using a type of ransomware known as BlackCat or ALPHV. The post featured county documents such as speeding tickets issued to particular motorists, and a resident's name-change application.
Q: What is ransomware?
A: Ransomware is a form of malware designed to encrypt files on electronic devices, rendering files and the systems that rely on them unusable, according to the U.S. Cybersecurity and Infrastructure Security Agency, established in 2018 to address cyber threats.
Q: How can I protect myself?
A: Anyone with a computer and internet access is at risk of a ransomware attack, according to the federal cybersecurity agency, and even the most advanced tools do not guarantee complete cybersecurity.
But CISA recommends taking the following steps: Update software with the latest patches; avoid clicking links in unsolicited emails; back up data on a regular basis; and choose strong and unique passwords.
On Tuesday, Bellone announced Suffolk would “notify directly any individual whose data may have been exposed and offer free identity theft protection services.”
Q: How do hackers make money using ransomware?
A: They can encrypt data so computer users can’t access it, forcing victims to pay ransom, or threaten to sell data to entities that steal individuals’ identities.
“Ransomware is a really fascinating business model for cybercriminals,” John Bandler, a former prosecutor who has written two books on cybercrime, told Newsday. “When they breach the data and steal it, now they have to resell it. But [with] the ransomware model of cybercrime … they make the organization pay that ransom to get the code to decrypt the data.”
Q: Could my data have been breached in the attack on Suffolk County government?
A: Your data could have been accessed, according to security experts. Cybercriminals who have taken responsibility for the attack have posted images of purportedly stolen Suffolk County documents on the dark web, an anonymized portion of the internet where crime can occur. Some of the posted documents include the names, birthdays, addresses and driver’s license numbers of county residents.
Q: Have hackers issued any demands to Suffolk County?
A: Yes. In an updated post this week, addressing Bellone by name, hackers said they were requesting an unspecified “small amount” of money for their work "to find vulnerabilities on the Suffolk County computer network." County officials have not said whether attackers had demanded a particular amount.
Q: When will county systems be restored?
A: County officials have not offered a timeline for when systems will be back online. County Comptroller John M. Kennedy Jr. on Tuesday did assure county vendors they will be paid, and said Suffolk County employees will receive their pay on time this week.
Q: What kind of insurance is available for ransomware attacks?
A: Cyber insurance can be purchased to cover legal fees and losses from data breaches and ransomware. Insurance also can cover the cost to comply with regulators’ fees and penalties, replacement of lost data, crisis management and public relations and forensic services to investigate data breaches. Companies and governments can get “third-party coverage” to protect against liability from claims by people who had their privacy compromised and sue for damages.
But the federal Government Accountability Office says insurance and even the federal aid for cyberattacks by terrorists “are both limited in their ability to cover potentially catastrophic losses from systemic cyberattacks … (and) private insurers have been taking steps to limit their potential losses from systemic cyber events.”
Suffolk County does not have cyber security insurance, according to Bellone spokeswoman Marykate Guilfoyle.
Q: How hard is it to catch and prosecute cybercriminals?
A: An estimated 0.3% of all reported cybercrime complaints are prosecuted because of the difficulty in tracking down attackers, according to the Third Way, a nonprofit think tank in Washington, D.C.
Analysts say perpetrators use proxy servers that can stifle law enforcement and bounce their internet identification numbers across several countries and law enforcement jurisdictions.