Update on the Suffolk County cyberattack. Attack on New York emergency response provider compromises customer data.

Summary

By the CyberWire staff

At a glance.

Update on the Suffolk County cyberattack.
Attack on New York emergency response provider compromises customer data.

Update on the Suffolk County cyberattack.

Earlier this month IT administrators in Suffolk County, located in the US state of New York, took the county website and email system offline in response to a cyberincident. It now appears that the incident was caused by a ransomware attack, and the Long Island Press reports that members of the BlackCat (aka ALPHAV) ransomware group have posted documents allegedly stolen in the attack on the underground web, threatening to release more data if their ransom demands are not met. Suffolk County Executive Steve Bellone explained in a statement, “Information posted yesterday on the dark web indicates that a threat actor has claimed responsibility for the current cyber incident in Suffolk County. The county’s incident response team is assessing this information and working closely with law enforcement agencies.” The threat actors claim to have obtained 4 terabytes of data including files from the court system, sheriff’s department, government contracts, and information on private citizens, and have stated, “If the government and its contractors continue to remain silent we will keep publishing.” It’s unclear whether Suffolk County plans to pay the ransom, but they are focused on restoring their network on their own. Bellone added, “These efforts continue and are prioritizing the protection and preservation of critical, sensitive and personal information. The ongoing system integrity evaluation so far indicates that the network infrastructure is intact.” Sachem, NY Patch adds that in the interim, county agencies have “enacted contingency plans and have been providing services through other redundant means and methods” and “the essential work of county government continues.”

Attack on New York emergency response provider compromises customer data.

Also in the state of New York, emergency response and ambulance service provider Empress EMS has disclosed it suffered a ransomware attack that resulted in the exposure of the data of over 300,000 customers. An intruder gained access to Empress EMS’s systems in May, and then in July exfiltrated “a small subset of files” containing patient names, dates of service, insurance information, and, in some cases, Social Security numbers before deploying encryption, a standard double-extortion ransomware attack. Though the company has not disclosed the threat group responsible, BleepingComputer found that on July 26 the Hive ransomware gang prepared a non-public entry on their website for the Empress EMS data leak, and DataBreaches.net yesterday published correspondence conducted between the threat group and Empress. American consumer rights law office Cole & Van Note has announced an investigation into the incident to explore litigation and reimbursement potential for impacted individuals.

Selected Reading

Emotet botnet now pushes Quantum and BlackCat ransomware (BleepingComputer) While monitoring the Emotet botnet's current activity, security researchers found that the malware is now being used by the Quantum and BlackCat ransomware gang to deploy their payloads.

Unholy Triangle (Digital Citizens' Alliance) From Piracy to Ads to Ransomware: How Illicit Actors Use Digital Ads on Piracy Sites to Profit by Harming Internet Users

Uber says “no evidence” user accounts were compromised in hack (The Verge) Uber’s ride-hail and food delivery services are fine too.

Developments in the case of the Uber breach. (CyberWire) Persistent social engineering--pestering, really, that softened employees up for a bogus call from "IT"--appears to have gained a hacker "deep access" to Uber's systems.

Preliminary lessons from the Uber breach (CyberWire) It's still early, but security firms offer a first take on lessons to be learned from the Uber breach.

FBI and CISA Responded to a Cyber Attack and Ransomware Incident on Los Angeles School District (LAUSD) (CPO Magazine) The Los Angeles Unified School District (LAUSD) suffered a cyber attack over the Labor Day holiday weekend, causing “significant disruption” to its digital infrastructure.

‘Threat Actor’ Claims Responsibility For Suffolk Hack On Dark Web (Sachem, NY Patch) "The county's incident response team is assessing this information and working closely with law enforcement agencies," Bellone says.

Hackers Demanding Ransom Leak Files in Suffolk Cyberattack (LI Press) Hackers leaked documents that the cybercriminals stole from Suffolk County servers, which were taken offline last week to contain the damage — and the hackers threatened to leak more if ransom isn’t paid.

New York ambulance service discloses data breach after ransomware attack (BleepingComputer) Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed a data breach that exposed customer information.