Cyber Incident Victim: Suffolk County Council
Date: Sep 2022
Location: United States of America
Summary
A ransomware attack disrupted Suffolk County's computer systems, prompting officials to shut down networks and implement manual processes across multiple agencies. The incident forced operations to rely on paper-based systems, fax machines, and alternative communication methods, with police isolating external-facing systems and activating legacy 911 protocols resembling pre-digital workflows. While critical services like emergency response maintained functionality without increased delays, the county's main website and email systems remained inaccessible, affecting public access to online services. Officials confirmed no compromise to public safety but acknowledged ongoing restoration challenges, with cybersecurity teams working to resolve lingering technical issues. The attack highlighted dependencies on digital infrastructure, requiring temporary staffing increases to manage manual record-keeping and public communications via text, social media, and direct outreach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 8, 2022, Suffolk County officials detected suspicious activity indicative of a potential cyber intrusion, prompting an immediate shutdown of county computer systems to contain the threat. County Executive Steve Bellone confirmed the incident on September 9, acknowledging the disruption to the county’s primary website (suffolkcountyny.gov) and affiliated agency portals, including those of the comptroller, district attorney, and parks department. By September 11, the website remained offline, with critical links still nonfunctional. The Suffolk Police Department implemented contingency measures within hours of the attack, isolating all technology systems connected to external networks and activating a manual 911 call-handling system reminiscent of 1990s operations. This involved handwritten incident documentation and physical runners relaying information to dispatchers, a process police described as seamless with no degradation in emergency response times. Multiple county agencies transitioned to paper-based workflows, utilizing fax machines, physical forms, and non-web-dependent methods to maintain essential services for residents.

The county’s cybersecurity team collaborated with external experts to investigate the suspected ransomware attack, though officials refrained from confirming definitive attribution or motive as of September 11. Email systems remained impaired four days post-incident, complicating internal and external communications. Police adopted alternative outreach methods—including text alerts, social media updates, direct calls, and in-person meetings—to disseminate sensitive information. While core public safety operations were preserved, ancillary services like online payment processing and red light camera systems experienced prolonged outages. County spokeswoman Marykate Guilfoyle characterized the recovery timeline as uncertain, emphasizing ongoing efforts to restore full functionality without compromising forensic investigations. No evidence suggested resident data compromise, though experts cautioned that prolonged downtime could strain public trust once systems resumed normal operations.
