Cyber Incident Victim: Schenectady County

Date: Dec 2018

Location: United States of America

Summary

A cyberattack disrupted Schenectady County's government website, prompting its shutdown to mitigate the incident. County employees detected the malware intrusion; network restoration required approximately one week, during which the site was kept offline. Critical services including 911 dispatch, healthcare facilities, elections operations, public health programs, social services, and libraries remained operational throughout the incident. Officials reported no evidence of compromised data during the attack.

Description

On December 12, 2018, Schenectady County, New York, government employees discovered a cyberattack affecting their network, prompting immediate containment measures. The county took its primary government website offline to mitigate the threat and initiated an investigation into the malware incident. Officials estimated network restoration would require approximately one week, during which the website remained intentionally inaccessible to the public. Critical infrastructure and services maintained operations despite the disruption, including emergency 911 dispatching, Glendale Nursing Home facilities, Board of Elections systems, public health services for seniors and long-term care patients, Department of Social Services functions, and county library systems. The attack exclusively targeted the county’s administrative network rather than these segregated operational systems. No ransomware demands or explicit threat actor claims were reported in available documentation during the initial response phase.

County authorities collaborated with cybersecurity experts to assess the malware’s impact while maintaining essential services through alternate protocols. A spokesperson confirmed no evidence of data exfiltration or unauthorized access to sensitive information as of the initial assessment, though forensic analysis continued. The deliberate decision to keep the website offline throughout the restoration period aimed to prevent potential reinfection or secondary attacks. Service disruptions were confined to digital platforms tied to the primary county network, with physical offices maintaining standard operations using unaffected internal systems. Recovery efforts focused on cleansing infected systems and restoring from secure backups; it was not specified whether the malware variant was identified. The incident concluded with the county reactivating its digital services following the projected one-week remediation timeline.
