Despite word of ‘radical malware attack,’ it took hours to shut down Suffolk’s computer network


The email sent at 11:18 a.m. on Sept. 8 from a top computer manager at the Suffolk County Clerk’s Office to the Bellone administration’s technology commissioner was as blunt as it was chilling.

“We are currently experiencing a radical malware attack and we shut down all outside access to the systems until such time as we are safe,” said the email, which was obtained by Newsday.

Yet, more than four hours had elapsed before the rest of the county’s computer networks, encompassing nearly 600 servers from Hauppauge to Riverhead, were severed from access to the outside world, starting the clock on the county’s broader response to one of the most devastating ransomware attacks faced by a U.S. municipality of any size in the history of such cyberattacks.

A series of emails obtained by Newsday from the day of the attack and the day prior show that awareness of the attack had been slowly dawning on technology staff and officials in the 24 hours preceding the shutdown. Among those was the actual ransomware message, first circulated at 10:53 a.m. on Sept. 8, 25 minutes before the clerk’s office shut down.

WHAT TO KNOW

  • More than four hours passed between the time Suffolk County was warned of a “radical malware attack” and the time most of the county’s computer networks were shut down.
  • Emails obtained by Newsday show that awareness of the attack had been slowly dawning on technology staff and officials in the 24 hours preceding the shutdown.
  • The cyberattack on Suffolk could be one of the most expensive attacks in U.S. history on municipal governments.

Whether the four-hour lag in shutting down all county computer networks caused a sizable loss of data is open for debate. One tech expert called it “significant,” but said that considerably more data could have been taken in the days and weeks before the Black Cat/ALPHV message was first noted in a 10:53 email. Suffolk Comptroller John M. Kennedy Jr. said it likely made the difference between the clerk’s unscathed backup data and the impacts that continue to ripple through Bellone administration operations. 

The emails obtained by Newsday provide a limited look inside the attack at the time it was happening, chiefly…
