Suffolk County Network Suffers Ransomware Attack, Palo Alto Leading Forensic Investigation

Suffolk County suffered a ransomware attack by ALPHV/BlackCat on September 8th, 2022. Suffolk County’s email, web applications, and websites were taken offline during the attack, leaving the county unable to pay local businesses, among other problems. Suffolk County vendors are owed approximately $140 million. Approximately four terabytes of data are said to have been stolen, indicating that backdoor access to Suffolk County’s network may have been established some time before the September 8th ransomware event.

The county is working with the FBI and Palo Alto Networks on incident response and forensic auditing. Prior to November 1st, 2022, incident response efforts were conducted by the consulting firms Redland Strategies Inc. and Palo Alto Networks.

Palo Alto’s Previous Suffolk County IT Systems Contracts

Palo Alto has received nearly $3 million in new contracts since the September 8th breach to investigate the origins of the intrusion, analyze logs, and perform threat hunting. Palo Alto had also won a contract for firewall services following the 2019 investigation, replacing Cisco systems. Some have raised concerns over a potential conflict of interest, since Palo Alto provided the firewalls in use at Suffolk County at the time of the breach.

Redland Strategies and Palo Alto were previously involved with Suffolk County’s computer systems in 2019, when they were awarded a $55,000 contract to identify vulnerabilities and make recommendations on how to protect Suffolk County networks over a five-month period.

Suffolk County Proposed IT Budget

Suffolk County Executive Steve Bellone proposed in his 2023 budget to raise IT spending from about $25 million to $32-36 million and add 19 positions to the department, including a Chief Information Security Officer.

Prepared for a breach?

Strengthen your cybersecurity posture before an attack happens to you.