Forensic report on Suffolk cyberattack shows 71 systems encrypted by ransomware

Suffolk County has announced it has completed the forensic investigation into the cyberattack that happened on Sept. 8.

Rachel Yonkunas

Apr 12, 2023, 3:07 PM


Suffolk County's cybersecurity firm, Palo Alto, has completed their forensic analysis into how hackers bypassed their firewall and infiltrated government systems.
The full report states that cybercriminals accessed the clerk, county, health and sheriff domains, compromising 139 systems and encrypting 71 systems with ransomware.
County officials would not release more details about the type of sensitive data that was stolen, but Team 12 Investigates has previously reported that it includes at least 26,000 Social Security numbers and more than 470,000 driver's license numbers.
The forensic analysis discovered that cybercriminals gained entry to county systems by exploiting a software flaw, known as a Log4j vulnerability, in the County Clerk's system. County Executive Steve Bellone said that security weakness was known, and ignored, by the Clerk's Office for seven months.
"The main causes of this cyberattack are clear," said Bellone. "It's a failure to address the Log4j vulnerability in the clerk's office, the unprotected IronKey folder on the clerk's network, the clerk's segregated IT structure and them withholding information. Everything else is a distraction from the truth."
The clerk's IT director, Peter Schlussler, has been on paid administrative leave since December. County officials said he did not implement critical security upgrades, ignored red flags of a cyber threat and obstructed access to their systems after the Sept. 8 cyberattack, which allegedly delayed the restoration and recovery process by months.
The full forensic audit by Palo Alto is now being reviewed by the special legislative committee tasked with doing their own investigation into the cyberattack. The Cyberattack Investigation Committee is chaired by Legislator Anthony Piccirillo.
"We have been conducting witness interviews through this process and this was a big piece of the puzzle that we need to now have our experts look at, decipher, and then sit with us and basically go through it page by page," said Piccirillo.
County officials said the forensic audit shows that the impact of the cyberattack was limited to less than two percent of county systems. However, it still took months to rebuild servers and bring services back online.
"After containment, you work to eradicate what was in the system, what malware was there. You pull it all off," explained Chief Deputy County Executive Lisa Black. "Then, you move into restoration process where you have to test the system to make sure they can speak to each other, that the networks are communicating appropriately. Rebuild appropriately. Then you move to the lessons learned and that's where we are now."
A third, criminal investigation is ongoing. The district attorney's office has released few details about what it entails.

