New York’s Suffolk County Spends $16.4 Million to Recover from Ransomware Attack

Sources familiar with the effects of last year’s ransomware attack on Suffolk County in the state of New York say the incident has forced government officials to spend in excess of $16 million on recovery efforts.

Hackers initially penetrated Suffolk’s computer system on Dec. 19, 2021. As reported by the NY Times, the attackers made their way in by exploiting a flaw in “an obscure but commonplace piece of software” via the county clerk’s office.

The attack sent government institutions back to pen and paper and fax machines. Officials on Long Island disabled email for all 10,000 civil service workers in an effort to stave off the infection.

“Hackers spent much of the next year at large in the clerk’s system, the investigation found, ultimately managing to breach the wider county network in late summer, before they revealed themselves in September, posting ransom notes on the dark web,” the Times reported. “In response, the county took itself offline, and did not pay. On Wednesday, officials revealed for the first time the amount of ransom the hackers demanded: $2.5 million.”

Although it refused to pay the ransom, Suffolk County was forced to spend some $5.4 million on investigation and restoration, as well as $12 million on new hardware and software, according to The Register, citing a post-breach report.

The BlackCat ransomware crew was behind the attack, county officials said. The hacking outfit is also known as ALPHV.

Suffolk County executive Steven C. Bellone said at a press conference that the IT director for the clerk’s office responsible for letting in the hackers had been put on paid administrative leave. Bellone said the director, Peter Schlusser, acted in “an incredibly nonchalant manner” regarding his office’s cybersecurity in the lead-up to the attack, having failed to update IT infrastructure for decades.

Schlusser reportedly defended himself, saying he alerted Bellone’s IT team to potential intrusions months before the attack, and warned the FBI that an active ransomware campaign was targeting the county shortly before the attack was uncovered.

The county’s IT network is largely back online, “but several workarounds remain in place,” the Times reports. The investigation into the attack is still ongoing.