[BreachExchange] New York County Rebuilds Cyberdefenses After Attack

Destry Winant destry at riskbasedsecurity.com
Wed Jan 6 11:11:21 EST 2021


https://www.govtech.com/security/New-York-County-Rebuilds-Cyberdefenses-After-Attack.html

(TNS) — Chenango County has nearly recovered from a cyberattack that
affected about half the county government's 400 computers late last
year.

The last of the affected desktops and one server, which contains
mostly archival materials, are being restored, according to Herman
Ericksen, county director of information technology.

"We're getting towards the end," he said.

About 200 county employees were locked out of their computers Oct. 18
in an apparent ransomware attack. The attackers — likely based in Hong
Kong, according to Ericksen — demanded $450 for the release of each
machine, totaling around $90,000, which the county refused to pay.

The attack primarily targeted the county's email system, which was
likely compromised through a remote login, the use of which has
significantly increased since the onset of the coronavirus pandemic,
Ericksen said.
It affected computers in every department except the sheriff's office
and social services, which rely primarily on an independent network.

In October, shortly after the initial attack, the Chenango County
Board of Supervisors allocated $200,000 from unexpended reserves to
cover the "ongoing expenses," according to Lawrence Wilcox, Oxford
town supervisor and chair of the board.

About $85,000 will be used to switch the county computers over to the
Microsoft Office 365 suite, which is cloud-based, according to
Ericksen.

Office 365 is a subscription service and will require further
budgetary allocations in the future, he said, though likely not as
much as the initial transition cost.

The ransomware attack remains under investigation by New York State
Police and the Federal Bureau of Investigation, which have not issued
any updates, according to Wilcox.

A series of computer logs were sent for examination by the New York
State Department of Homeland Security, Ericksen said, and data was
successfully restored to the computers that were wiped.

"We were lucky," Ericksen said. "We had good back-ups."

