Suffolk County's ransomware incident characterized by disregard for preparation and neglect of warnings.
In a shocking turn of events, Suffolk County, New York, was hit by a ransomware attack in September 2022, causing disruptions to essential government services for months. A recent report by a special legislative committee has shed light on the factors that contributed to this cyber incident.
The report cites a failure of leadership, including the lack of an incident response plan and failure to respond to FBI warnings, as contributing factors to the attack. The county, which operated using a variety of IT teams and had no Chief Information Security Officer (CISO), faced a lack of coordination on how to prepare for potential cyber threats.
The threat group behind the attack was linked to AlphV/BlackCat, one of the most active ransomware operations in recent years. The attackers gained entry to the Suffolk County systems by exploiting a vulnerability in Log4j. The report also revealed a pass-through that allowed data traffic to move through firewalls connected to the Suffolk County Clerk's office.
During the attack, the hackers encrypted county data and demanded a ransom. The county's main website was unavailable for five months. The ransomware attack has cost the county more than $25 million in remediation costs and other expenses, and at the time, the county had no insurance coverage.
The county is now in the process of recruiting a CISO, as stated by Richard Donoghue, a partner at Pillsbury. The firewalls have since been updated, and a decision on the CISO recruitment is expected soon.
The Suffolk County ransomware incident underscores the common cybersecurity challenges faced by U.S. municipal governments. These challenges include limited security budgets and resources, less mature security programs, human and process vulnerabilities, outdated hardware and unpatched systems, sophisticated and targeted attacks, cloud application misconfigurations and third-party risks, and slow incident reporting and lack of coordinated response.
Addressing these challenges requires investment in cybersecurity resources, implementing frameworks like NIST CSF, enhancing employee training, timely incident reporting, and modernizing IT infrastructure to build resilience against future attacks.
Before the attack, in June 2022, a special agent from the FBI warned the county by phone of suspicious traffic that could be linked to malware. There were also alerts of suspicious activity from Palo Alto Networks' Cortex platform in the months leading up to the attack. Despite these warnings, the county failed to communicate numerous problems with its IT systems dating back years, as stated by Suffolk County Legislator Anthony Piccirillo.
The 911 operations were temporarily disrupted during the attack, adding to the urgency of improving cybersecurity measures in local governments. The hope is that the lessons learned from the Suffolk County ransomware attack will serve as a catalyst for change, leading to stronger cybersecurity practices and protections for municipalities across the United States.
- The report on the Suffolk County ransomware attack revealed that a lack of an incident response plan and failure to respond to FBI warnings were contributing factors to the cyber incident.
- The threat group responsible for the attack was linked to AlphV/BlackCat, one of the most active in recent years, and they gained entry to Suffolk County systems by exploiting a vulnerability in Log4j.
- During the attack, the hackers encrypted county data and demanded a ransom; the county's main website was unavailable for five months, and the incident cost the county more than $25 million in remediation costs and other expenses.
- Addressing the cybersecurity challenges faced by U.S. municipal governments, such as limited security budgets and resources, outdated hardware, and slow incident reporting, requires investment in cybersecurity resources, implementing frameworks like NIST CSF, enhancing employee training, timely incident reporting, and modernizing IT infrastructure.
- The Suffolk County ransomware attack serves as a catalyst for change, leading to stronger cybersecurity practices and protections for municipalities across the United States, with the hope that lessons learned will prevent similar incidents in the future.