Here’s how Yonkers and Albany recovered from ransomware attacks
ALBANY — Yonkers and Albany officials know the long, painstaking and costly recovery that Suffolk County is facing since it experienced a cyber-incursion in September. Each survived ransomware attacks.
The intrusions revealed warnings, mistakes and successes after hackers demanded ransom and threatened to grind the governments to a halt. And even though each city refused to pay the hackers’ ransom, the cost of recovery was steep.
In Suffolk, officials said some residents’ “personal information” was accessed in the Sept. 8 attack and urged them to closely monitor their bank accounts and credit reports. The hackers are seeking an unspecified “small reward” for identifying vulnerabilities in the system. The county didn’t have cybersecurity insurance.
Albany’s computer system was attacked at 4 a.m. on a Saturday, March 30, 2019.
“The lights [were] off, or appeared to be off,” said Rachel McEneny, the city’s commissioner of administrative services.
By 11 a.m., the attack was mostly over. Critical systems were intact, including human resources data, and there was no interruption of 911 calls or water service. The city shut down the attack before the ransomware hit the payroll and purchasing programs, but the hard and expensive work of restoring data and repairing damage had just begun, McEneny said.
Some data, such as building permits, was lost and took months to restore, McEneny added.
The attack cost Albany $300,000 for software, hardware and consultants, and the city increased its cybersecurity budget by 25%.
The lessons learned included the need to buy cybersecurity insurance and to bolster staff and resources. Managers also reminded workers to adhere to “cyber-hygiene.” That means workers need to be reminded that they can’t use their government computers or programs to check personal email, social media or to shop online.
Within a few hours of the attack, it was believed to have been stopped by blocking off programs, including police and fire dispatching, 911 emergency calls, and all the essential, daily services of local governments. Other data, such as reams of birth and death records, was lost, and officials believed the database…