At a glance.
- Update on the Suffolk County cyberattack.
- Attack on New York emergency response provider compromises customer data.
Update on the Suffolk County cyberattack.
Earlier this month IT administrators in Suffolk County, located in the US state of New York, took the county website and email system offline in response to a cyberincident. It now appears that the incident was caused by a ransomware attack, and the Long Island Press reports that members of the BlackCat (aka ALPHV) ransomware group have posted documents allegedly stolen in the attack on the underground web, threatening to release more data if their ransom demands are not met. Suffolk County Executive Steve Bellone explained in a statement, “Information posted yesterday on the dark web indicates that a threat actor has claimed responsibility for the current cyber incident in Suffolk County. The county’s incident response team is assessing this information and working closely with law enforcement agencies.” The threat actors claim to have obtained 4 terabytes of data including files from the court system, sheriff’s department, government contracts, and information on private citizens, and have stated, “If the government and its contractors continue to remain silent we will keep publishing.” It’s unclear whether Suffolk County plans to pay the ransom, but they are focused on restoring their network on their own. Bellone added, “These efforts continue and are prioritizing the protection and preservation of critical, sensitive and personal information. The ongoing system integrity evaluation so far indicates that the network infrastructure is intact.” Sachem, NY Patch adds that in the interim, county agencies have “enacted contingency plans and have been providing services through other redundant means and methods” and “the essential work of county government continues.”
Attack on New York emergency response provider compromises customer data.
Also in the state of New York, emergency response and ambulance service provider Empress EMS has disclosed it suffered a ransomware attack that resulted in the exposure of the data of over 300,000 customers. An intruder gained access to Empress EMS’s systems in May, and then in July exfiltrated “a small subset of files” containing patient names, dates of service, insurance information, and, in some cases, Social Security numbers before deploying encryption, the pattern of a standard double-extortion ransomware attack. Though the company has not disclosed the threat group responsible, BleepingComputer found that on July 26 the Hive ransomware gang prepared a non-public entry on their website for the Empress EMS data leak, and DataBreaches.net yesterday published correspondence conducted between the threat group and Empress. American consumer rights law office Cole & Van Note has announced an investigation into the incident to explore litigation and reimbursement potential for impacted individuals.