Suffolk County Executive Steve Bellone said Friday the county was investigating the possibility of a ransomware attack on county computer systems, and had taken down all county-managed websites to guard against the potential spread of damage.
Bellone told Newsday on Friday the county temporarily was “operating old school,” with police filing hard-copy reports and some agencies switching to paper record-keeping.
911-emergency systems remained up and running, Bellone said.
The county shut down its systems Thursday night — websites and email servers — after information technology officials noticed unusual computer coding.
Administration officials on Thursday characterized the problem as a possible “cyber intrusion.”
“We’re utilizing paper in different places, police are filing paper reports,” Bellone told Newsday.
“What our focus has been is on continuity of operations,” Bellone said.
“Out of an abundance of caution we’re shutting down systems so they’re not vulnerable while we’re trying to assess what this is exactly, what this cyber intrusion represents,” he said.
“We’re continuing to function, but internally we’re working with each of the departments to make sure they have those plans in place on how to operate in more of a paper based way.”
State Police are helping Suffolk to process fingerprints, Bellone said.
Kees Leune, program director of computer science at Adelphi University, and also the university’s chief information security officer, told Newsday cyberattacks on local governments and private businesses have become more common.
The attackers’ “main goal is to basically capture and hold hostage computer and data stored on that,” Leune said. “If you pay the ransom then there is no problem. If you don’t pay the ransom then you’re back to pen and paper. This is happening all over the world on an alarming scale.”
Leune said the “best practice if you believe you have been affected by a ransomware attack is to start taking many systems offline as soon as you can to prevent [the attack] from spreading.”
Leune said Suffolk law enforcement and consultants likely were, “focusing on identifying what the ransomware is that came in, figuring out how it came in, where it spread to.”
Then their job will be to “clean it up” and “restore” data “from a backup,” Leune said.
“We’re breaking out the fax machines again,” Suffolk County Legis. Kevin McCaffrey (R-Lindenhurst), the legislative presiding officer, told Newsday Friday.
“We’ve gone back to a paper based system but we have prepared for this,” McCaffrey said. “We don’t know what data if any has been compromised, we are continuing to assess the threat.”
McCaffrey continued: “We obviously can’t get the system back up and running and back into place until we’re able to isolate the threat and make sure it doesn’t happen again.”
Suffolk officials said they have reported the suspected cyber intrusion to the state Division of Homeland Security and Emergency Services.
“We can confirm DHSES is providing support at the county’s request, but would refer you to Suffolk County for any official information on the matter,” said Jordan Guerrein, spokesman for the state agency.
With Michael Gormley