What Suffolk County has to do to recover from crippling cyberattack

The costly, painstaking process of rebuilding Suffolk County’s computer networks in the wake of a ransomware attack may be complicated by uncertainties about how the attack occurred, how much data was lost and whether hackers can re-exploit vulnerabilities, experts say.

One month after BlackCat AlphV’s intrusion on Suffolk networks was discovered and the county was forced to stop it with measures as blunt as physically pulling network cables from their sockets, only parts of the vast system of police, court, health department and real estate systems are back online, some in limited form. Email and phone systems were widely affected, and a source with knowledge of the situation said there are questions about whether years of email records can be restored. 

“You have to make a determination on how to wall off your network,” said Mike Balboni of the Manhattan consulting firm Redland Strategies, which has been a computer security contractor to the county. He declined to discuss specifics of the attack.

Suffolk’s main vendor for firewalls, PaloAlto Networks, also declined to discuss what happened. 

“For this story, we’re not going to be able to assist with your questions, but I appreciate you reaching out,” Kelly Kane, PaloAlto senior manager for threat communications, said in an email.

The Sept. 8 attack infiltrated departments across the sprawling county system, from the Department of Health to the county clerk, affecting the ability of the police to write tickets and the government to make payments to vendors and local governments and provide certain real estate records…