‘Threat Actor’ Claims Responsibility For Suffolk Hack On Dark Web

HAUPPAUGE, NY — Information posted yesterday on the dark web indicates that a threat actor has claimed responsibility for the current cyber incident in Suffolk, County Executive Steve Bellone confirmed to Patch on Friday.

“The county’s incident response team is assessing this information and working closely with law enforcement agencies,” he said.

In a tweet Thursday, a Twitter user posted that the group BlackCat (ALPHAV)’s ransomware team “hit” Suffolk County government.

The post contained a screenshot of what appeared to be a blog post by the group saying Suffolk was “attacked.”

“Along with the government network, the networks of several contractors were encrypted as well,” the post read. “Due to the fact that Suffolk County Government and the aforementioned companies are not communicating with us, we are publishing sample documents extracted from the government and contractor network.”

Bellone said the county agencies have “enacted contingency plans and have been providing services through other redundant means and methods” and “the essential work of county government continues.”

“The county’s Information Technology Department has spearheaded an enterprise-wide effort to evaluate the impact of this cyber-incident to proceed with the safe and secure restoration of servers,” he said.

Bellone continued by saying that “these efforts continue and are prioritizing the protection and preservation of critical, sensitive and personal information.”

“The ongoing system integrity evaluation so far indicates that the network infrastructure is intact,” he added.

The county's website was shut down last Thursday after unusual activity was noticed.

Related Stories:

• Suffolk To Pay Nonprofits By Check In Wake Of Cyber Attack: Report
• Suffolk Exec Says 'Cyber Intrusion' Has Hallmarks Of Ransomware
• After Possible Cyberattack, Suffolk Deploys Manual Record-Keeping
• Suffolk County's Websites/Email Down Due To Possible Hack: Report

Bellone on Tuesday said the county's webpages and email were shut down to assess a cyber intrusion after some unusual activity, now believed to involve malware.

County officials shut down web and email functions while the intrusion was monitored using an "abundance of caution," Bellone told reporters at a press briefing in Hauppauge.

Investigators say the attack has "all of the hallmarks of ransomware," though no specific demand has been made of the county, Bellone said, adding that the ongoing probe is still in its early stages.

"The reality that we are living in today is that we are in the digital age," he said. "We are in the information age. The notion of hacking your computer has been around a long time, but the sophistication with which threat actors are operating grows every single day as this technology evolves."

"But, unfortunately, no organization public or private is immune from these types of cyber intrusions," he added.

The county's infrastructure has been "hardened" over the years, and county officials are continuing to provide their employees "with the tools to help afford and mitigate these types of incidents," Bellone said.

In the meantime, the county is launching a temporary landing page with information for each county department and agency, as well as directions for residents to access frequently used services.

Officials are also activating a number of county email addresses that are commonly used by the public "to further enhance the flow of communications," Belllone said.

Investigators do not believe that there was a privacy breach involving county residents or employees, though it is being investigated, officials said.