Oyster Bay’s computer systems were expected to be restored Tuesday after a nearly two-week outage that began with suspicious email activity, a town official said in a statement.
"Today, all systems are coming back online and are currently free of all cyber concerns," Oyster Bay Inspector General Brian Noone said in a statement.
Officials are still trying to determine the cause of the problems, town spokesman Brian Nevin said Tuesday. Noone said an outside contractor continues to run diagnostic scans to determine if data was corrupted.
State Comptroller Thomas DiNapoli’s office said Tuesday it would consider auditing the town’s computer systems.
"We are concerned about the matter in Oyster Bay and are prepared to commit the resources to conduct an IT audit," DiNapoli spokeswoman Tania Lopez wrote in an email.
County Executive Laura Curran on Monday said the outage that began Dec. 3 had been "unacceptable."
Nevin said town email was being restored over Monday and Tuesday and that Oyster Bay had continued to operate during the outage using phones and in-person communication.
Noone said in his statement that the town shut down all computers and applications and disconnected from the internet after "an operational anomaly in the Town’s email system appeared on Friday December 3rd when random emails were sent from Town accounts." That action quarantined all personal computers to protect data while they analyzed possible threats, Noone said.
The town removed 26 hard drives from computer work stations after a review of activity logs uncovered issues that "raised concern," Noone said.
Oyster Bay restored its computer systems while "monitoring logs and systems to capture any potential abnormalities," Noone said, adding that the process may have been slow but that it would put the town in a better position to protect itself against future threats.
The town declined to make Noone available for an interview.
Joel Caminer, director of cybersecurity education at New York University’s Tandon School of Engineering, said Noone’s statement raises questions about what happened but also showed concrete actions taken to address the situation.
"They don’t explicitly say what activity they detected or uncovered in their forensic analysis, so it still raises the question as to exactly what was happening, and by whom," Caminer wrote. "With the increase in ransomware attacks ... it was a prudent decision to disconnect from the internet, shut their systems down, perform additional analysis, and add layers of protection and control before restoring their systems back to production in a managed manner."