Suffolk County Executive Steve Bellone said the county was probing...

Suffolk County Executive Steve Bellone said the county was probing a possible ransomware attack, and had taken down all county-run websites as a precaution. Credit: Randee Daddona

Suffolk County Executive Steve Bellone said Friday the county was investigating a possible ransomware attack on county computer systems, and all county-managed websites had been taken down to guard against the potential spread of damage.

Bellone told Newsday on Friday the county temporarily was "operating old school," with police filing hard-copy reports and many agencies switching to paper record-keeping.

Computer systems were shut down after officials detected "suspicious activity," Bellone said, resulting from a suspected "cyber intrusion."

"We're utilizing paper in different places, police are filing paper reports," Bellone told Newsday.

"What our focus has been is on continuity of operations," Bellone said.

"Out of an abundance of caution, we're shutting down systems so they're not vulnerable while we're trying to assess what this is exactly, what this cyber intrusion represents," he said.

"We're breaking out the fax machines again," Suffolk County Legis. Kevin McCaffrey (R-Lindenhurst), the legislative presiding officer, told Newsday Friday.

The shutdown of county systems had wide-ranging effects.

With the county's main website, www.suffolkcountyny.gov, out of commission, links to numerous county agencies, including the district attorney's office, the parks department and the county comptroller, weren't working.

Comptroller John Kennedy said the county on Monday will not be able to send $15 million to $20 million in scheduled checks to vendors, including utility companies and engineering firms.

"This has disrupted the normal schedule for vendor payments," Kennedy told Newsday.

On Friday, Suffolk disclosed to financial markets that "county information technology personnel became aware of a cyber intrusion to the County system and, out of an abundance of caution, the system has been locked down. The County continues to investigate the incident and is working with its partners at the federal and state level to assess any impact."

Suffolk caught one break: paychecks to some 10,000 county employees went out as scheduled on Thursday, before systems were shut down.

Also, 911 emergency systems were up and running, and New York State Police were helping the county with processing of fingerprints, county officials said.

The county took down its systems Thursday night after information technology officials noticed unusual computer coding, Bellone said.

"None of this is obvious," Bellone said. "We don't know what the origin of this is yet, but we are aware that there are cybercriminals out there that are constantly operating."

Bellone continued: "They certainly do not make it plain what they are doing. But you start to see some unusual activity. You ask questions. So over the last two days that was detected by IT personnel in the county, and we began the process of doing an internal assessment and then reaching out to partners."

Kees Leune, program director of computer science at Adelphi University, and also the university's chief information security officer, told Newsday cyberattacks on local governments and private businesses have become more common.

The attackers' "main goal is to basically capture and hold hostage computer and data stored on that," Leune said.

"If you pay the ransom then there is no problem," Leune said. "If you don't pay the ransom then you're back to pen and paper. This is happening all over the world on an alarming scale."

Leune said the "best practice if you believe you have been affected by a ransomware attack is to start taking many systems offline as soon as you can to prevent [the attack] from spreading."

Leune said Suffolk law enforcement and consultants likely were "focusing on identifying what the ransomware is that came in, figuring out how it came in, where it spread to."

Then their job will be to "clean it up" and "restore" data "from a backup," Leune said.

Suffolk officials said they had reported the suspected cyber intrusion to the state Division of Homeland Security and Emergency Services.

“We can confirm DHSES is providing support at the county’s request,” said Jordan Guerrein, spokesman for the state agency.

County officials did not say how long the system takedown was expected to last.

"We obviously can't get the system back up and running and back into place until we're able to isolate the threat and make sure it doesn't happen again," McCaffrey said.

With Michael Gormley

Latest videos