Southold turns 'creative' in recovery from cyberattack

An around-the-clock recovery effort is underway in Southold after last week’s ransomware attack  impeded operations at Town Hall, officials said.

The attack knocked out access to town email and servers, forcing many town departments to temporarily go analog and find “creative” ways to keep town government functioning, according to Southold Supervisor Al Krupski. Town email, access to records and other systems remain down, he said.

Krupski urged residents to be patient as services are gradually restored.

On Wednesday, the accounting office regained the ability to print checks, ensuring the town’s nearly 400 employees and vendors are paid on time. Town justice court proceedings also resumed Wednesday, according to the supervisor.

“Those little things mean a lot to the mechanics of running a government,” Krupski said in an interview, adding that the town’s main goal is providing essential services while systems are restored.

The incident was first discovered in the early morning hours of Nov. 24 after email and computer servers went down, Newsday previously reported. It has drawn a multiagency response and the town is working with the county Office of Emergency Management and state and federal partners, including the Department of Homeland Security and FBI.

Back to paper and faxes

Southold police officers have temporarily reverted to writing handwritten reports for domestic incidents, motor vehicle accidents and traffic tickets, Police Chief Steven Grattan said in an interview Wednesday, adding that the department is fully equipped to respond to calls.

The Suffolk County Sheriff’s Office lent the town a command station van with one workstation for officers to log reports, and the Riverhead Police Department has helped Southold process a handful of arrests over the last week, Grattan said.

“Our top priority is getting reconnected to … our records management system so that the officers can continue to do their reports from the car,” the police chief said. “When they’re busy, reports may not get done at the end of their tour because they’re sharing a single workstation.”

Grattan said he doesn’t have a timeline for repairs yet.

“It certainly has impacted daily operations,” Grattan said. “Fortunately, this is a quieter time of year for us.”

Though some departments are improvising, using text messages, fax machines or pen and paper to keep services going, other operations more reliant on technology are hampered.

Town Clerk Denis Noncarrow said resident beach and waste disposal permits, which were set to go on sale Dec. 8, will now be delayed until Dec. 15.

Krupski said the tax assessors' and receiver’s offices are also top priorities, and property tax bills are expected to be sent out on time this month.

Phone services, including 911, are not affected. The town’s website and board meeting portal are operational, but Laserfiche, a portal for town records, remains offline.

Krupski said the town’s three-person IT department collaborated with other agencies throughout the Thanksgiving holiday weekend, and an emergency response team is meeting daily while repairs are underway.

A ransom note

The supervisor confirmed that the town’s Information Technologies Department staff discovered a ransom note but did not open it, and he  declined to comment on its contents or demands.

Town Network & Systems Administrator Lloyd Reisenberg declined to comment on the incident Wednesday.

It’s still unclear how hackers accessed the town servers, where the attack originated or if resident data was compromised.

“We are very concerned about that kind of data loss,” Krupski said. “We’re trying to figure out how to best approach that.”

A similar attack on county infrastructure cost Suffolk taxpayers $25 million in 2022. That attack shut down the county website for more than five months and exposed sensitive information of 500,000 residents, Newsday has reported.

A report by Minnesota-based cybersecurity firm Arctic Wolf found that the average ransom for government entities is around $1 million.

Government and municipalities were in the top three most targeted sectors for ransomware and data breaches in 2024, according to an internet crimes report by the FBI.

The bureau advises against paying ransoms on its website, noting that they aren’t a guarantee to recovering data and the practice “encourages perpetrators to target more victims.”

Southold Town buildings are open and all departments can be reached by telephone, town officials said. Freedom of Information requests for documents must be made in person at the town clerk’s office until further notice. Residents can find updates at southoldtownny.gov.