LONG ISLAND - Officials in Suffolk County are on the hunt for the criminals behind a massive cyberattack that compromised sensitive data and forced some County government services offline for weeks this fall.
"The criminal actors first infiltrated the County Clerk’s I.T. environment one year ago this month," Suffolk County Executive Steve Bellone said.
On Wednesday, Bellone placed the I.T. Director in that office on administrative leave.
"Had the Clerk I.T. Director simply advised I.T. security that a significant security a flaw had been identified, a full response could’ve been mounted," he said. "Eight weeks before the actors migrated."
Bellone says the Clerk I.T. Director should've corrected a key security flaw in the office following an illegal bitcoin mining operation last year and the arrest of another employee.
"Six months after criminal actors entered the Clerk’s environment the I.T. Director did nothing to remedy the vulnerability," he said.
Once burrowed into the system Bellone says actors spent months searching for the so-called motherload. Once found they had the tools to move to the County network.
"We can only imagine how astonished the criminal actors must’ve been to find a folder on the network with a file called passwords," Bellone said.
To date, Bellone says the County has spent $3.4 million on restoration and $2 million on the investigation but he refused to give in to the hackers demands of $2.5 million ransom.
There’s no word on when the full forensic examination will be finished. Bellone says much of the timeline depends on cooperation from the clerk’s office. As for the Suffolk county district attorney’s office, officials there are working with the FBI on the criminal investigation. No arrests have been made.