The legislative committee formed to investigate the Suffolk County ransomware attack will use its subpoena powers for the first time. To get the witnesses talking, the committee has decided to take the stringent step of summoning four IT employees.
The employees refused to give testimony voluntarily and hence the committee had to use subpoenas to compel them to move the case forward. So far, nine witnesses have been interviewed in regard to the September Suffolk County cyber attack.
County Executive Steve Bellone agreed that they did not execute the recommendations regarding cybersecurity assessments in 2019. They did not opt for cyber insurance or a cyber remediation plan either.
Post the Suffolk County ransomware attack, a Chief Information Officer was appointed.
Palo Alto Networks, the county’s cybersecurity firm, disclosed that over 500,000 people were impacted by the Suffolk County data breach. Social security numbers of 26,000 county employees were accessed by the group.
The cybercriminals got access to the systems by bypassing the firewall and exploiting a weakness in the County Clerk’s network. The ransomware encrypted 71 county systems.
What was missed that helped the Suffolk County ransomware attack
The county has spent $6.5 million since 2019 on better cybersecurity. However, the staff did not opt for two-factor authentication, which they later did after partially recovering from the Suffolk County ransomware attack.
It was found that Suffolk County was still using legacy systems. Speaking about the use of old technology, Benjamin Voce-Gardner, the director of the Office of Counter Terrorism said that municipalities cannot afford to modernize.
The operating budget was increased by $9 million for better cybersecurity in 2023. And the creation of a committee with subpoena power to further investigate the Suffolk County ransomware attack was announced to be formed.
The Suffolk County ransomware attack
When the antivirus software, which maintained cybersecurity in nearly 20 county agencies, began sending alerts on September 8, 2022, the staff realized that something was amiss.
The systems catered to the various departments including the police of the Department of Social Services, and the Division of Soil and water conservation, were promptly shut down.
Emails for all the 10,000 civil service employees were disabled to curb further damage.
Addressing the shutting down post the Suffolk County ransomware attack Lisa Black, the chief deputy county executive said, “By 4 p.m. that day, we made a decision: We were just going to turn off the internet to further contain this,” according to The New York Times.
Work after the Suffolk County ransomware attack
The shutting down of the internet after the Suffolk County ransomware attack compelled the staff to manually enter data and look for information like in the era before the internet world.
The emergency dispatchers had to take the 911 calls by hand, access to geolocation was available, police officers were not able to send emails and instead used the radio at the crime scene, and so on.
This continued for weeks until most of the systems were restored, sparing a few.
It took months until early November, to regain access to most of the email accounts of county staff. However, the emails of most county staff were lost in the Suffolk County ransomware attack.
BlackCat and the Suffolk County ransomware attack
BlackCat or ALPHV ransomware group claimed the Suffolk County ransomware attack.
BlackCat exploited a vulnerability to hack the systems early in December 2021, according to the forensic investigations. They demanded a ransom of $2.5 million. The county officials denied paying a ransom.
Official documents including contracts with the State of New York, office records from the Sheriff’s office, and the records of Suffolk County Court were exfiltrated by BlackCat.
Furthermore, the group stole personal information including driver’s license numbers of nearly 470,000 who were linked to moving violations.
In all the BlackCat group exfiltrated nearly 4TB of data from the Suffolk County ransomware attack. The case is under investigation by the Suffolk County district attorney and the Federal Bureau of Investigation.
