Hackers Demanding Ransom Leak Files in Suffolk Cyberattack

Suffolk County cyberattack
Getty Images

Hackers Demanding Ransom Leak Files in Suffolk Cyberattack

Hackers leaked documents that the cybercriminals stole from Suffolk County servers, which were taken offline last week to contain the damage — and the hackers threatened to leak more if ransom isn’t paid.

County officials confirmed Friday that hackers posted information online claiming responsibility for the incident. A screenshot of the post shared on a blog that tracks data breaches suggests that the hackers shared some of the documents online to cajole officials into negotiating.

“Information posted yesterday on the dark web indicates that a threat actor has claimed responsibility for the current cyber incident in Suffolk County,” Suffolk County Executive Steve Bellone said in a statement. “The county’s incident response team is assessing this information and working closely with law enforcement agencies.”

The breach appears to be the most high-profile cyberattack ever against a government entity on Long Island. Local school districts have been target of such attacks over the years, but the Suffolk cyberattack is the first known incident to disrupt an entire county’s operations in the region.

On Tuesday, county officials maintained that it was business as usual despite the county website and email system being taken offline on Sept. 8. Local lawmakers have been sharing their personal email addresses on their social media accounts in order to remain accessible to constituents and many county government tasks typically performed online have been converted to paperwork.

According to DataBreaches.net, a blog that tracks such cyber incidents, the attack is attributed to a type of ransomware — malicious computer code that holds web-based data hostage unless demands for payment are made — known as BlackCat. A screenshot of the purported message dated Thursday states that the hackers have 4 terabytes of data that includes files from the court system, sheriff’s department, government contracts and information on private citizens.

“Due to the fact that Suffolk County Government and the aforementioned companies are not communicating with us, we are publishing sample documents extracted from the government and contractor network,” the message stated. “If the government and its contractors continue to remain silent we will keep publishing.”

County officials say they’re working to repair the damage done.

“The County’s Information Technology Department has spearheaded an enterprise-wide effort to evaluate the impact of this cyber-incident to proceed with the safe and secure restoration of servers,” Bellone said. “These efforts continue and are prioritizing the protection and preservation of critical, sensitive and personal information. The ongoing system integrity evaluation so far indicates that the network infrastructure is intact.”

The county website has been down since Sept. 8. The county legislature’s website, however, has remained online throughout the incident. Neither the county nor the hackers’ message indicated a dollar amount for the ransom being demanded.

The county has temporarily replaced the website with a landing page that is serving as a directory of alternative email addresses to contact for each department. Critical emergency services, such as 911 and 311, have been fully operational throughout.

New York State Police troopers are assisting the Suffolk County Police Department to conduct “business as usual,” including fingerprinting and running data at traffic stops, among other tasks.