Dive Brief:
- A special legislative committee in Suffolk County, New York, found in a report released last week that officials ignored repeated warnings and failed to prepare ahead of a September 2022 ransomware attack that disrupted essential government services for months.
- The committee blamed the attack on a failure of leadership, including the absence of an incident response plan and the failure to act on FBI warnings of a potential intrusion.
- Suffolk County ran IT through a patchwork of separate teams and had no CISO, so no one coordinated preparation for cyber threats. The attack has so far cost the county more than $25 million in remediation and other expenses.
Dive Insight:
The report illustrates the risks facing municipal governments across the U.S., which often contend with inadequate budgets, personnel shortages, aging technology and other resource constraints. Legislators said the county had failed to communicate numerous problems with its IT systems dating back years.
According to the report, a pass-through had been created that let traffic move through the firewalls connected to the Suffolk County Clerk's office, and numerous firewalls had reached end-of-life status and were no longer receiving security updates.
“We learned now that we did not get information dating back to 2017 showing that our IT systems were really under critical threat,” said Suffolk County Legislator Anthony Piccirillo, who led the committee investigating the attack.
The September 2022 attack was linked to the prolific AlphV/BlackCat threat group, one of the most active ransomware operations of recent years. The group gained entry to Suffolk County's systems by exploiting a vulnerability in Log4j, according to the report.
In June 2022, an FBI special agent warned the county by phone of suspicious traffic that could be linked to malware, according to the report. Palo Alto Networks' Cortex platform also raised alerts of suspicious activity in the months leading up to the attack.
During the attack, the intruders encrypted county data and demanded a ransom. The county's main website was unavailable for five months, 911 operations were temporarily disrupted and residents could not pay traffic tickets.
Officials confirmed the county also had no cyber insurance coverage at the time, a gap common among local governments across the U.S.
The pass-through has since been closed and the firewalls have been updated, Richard Donoghue, a partner at Pillsbury, author of the report and special counsel to the committee, said via email.
The county is recruiting a CISO, and a decision is expected soon.