Officials 'Knee Deep' Into Investigation Regarding Ransomware Cyber Attack: Supervisor

SOUTHOLD, NY — On the Day 9 of a potential ransomware cyber attack on Southold Town's servers, Supervisor Al Krupski shared an update — and said the town is slowly restoring functions back to normal.

The sale of beach and transfer station disposal permits will be delayed until December 15, Krupski said.

"We're focusing our efforts on the recovery," the supervisor said. "And that recovery is ongoing."

Krupski said he is grateful to town, state, and federal officials — including the FBI and Department of Homeland Security — who've been working diligently since last Wednesday on the investigation into what exactly happened — as well as to Riverhead town officials, who have also extended a helping hand.

"They're still knee deep" into the investigation, he said, with no answers yet as to what caused the cyber attack.

Krupski lauded Southold Town police, who, he said, adapted immediately.

Southold Town Police Chief Steve Grattan said some police reports have been written by hand, but not all — there is still limited access to the town's reports management system, which is accessible through the Sheriff's Office's command van.

That van, he said, "is our direct link to the county. Officers have been sharing a single workstation to type up general incident reports."

Domestic and motor vehicle reports, as well as traffic tickets, have all been hand written, Grattan said.

Police are not able to complete arrest processing currently so arrestees are transported to Riverhead for processing, then taken back to Southold for confinement and arraigment, if they are held, the chief said.

"The officers are doing a great job adapting," he said. "For me, it's not having email that's been difficult, because it's our main mode of communication. We rely on computers so much that we don't realize how reliant we are upon them until we can't access them."

Despite the roadblocks, Grattan said: "I'm happy to say public safety has not been impacted at all."

Police are still able to get 911 calls as well as regular calls through the dispatcher, with operations "seamless," he said. "We have great leadership in town and I have a great team. Everyone at headquarters has been instrumental in figuring out how to continue to operate with the limited resources we have."

Not only the police department, but the landfill, as well — which was functioning as normal and able to accept credit card payments this weekend — have both been "functioning as normal," the supervisor said.

Justice court was running as normal on Tuesday, too, he said.

The town's IT department, Krupski said, worked all weekend to help keep the town operational, Krupski said. "They worked so hard — and slowly but surely we're restoring all the functions. The department heads have been great, making adjustments so they can function. Keeping everything running has been the key thing."

Both Southold Town police and town officials sent out information last week about the potential ransomware incident.

"Both 911 and administrative phone systems are functioning normally and are not affected by this incident," police said. "Email systems are currently offline, and the processing of records requests will be limited until systems are fully restored. Residents and visitors can be assured that the Southold Town Police Department remains fully prepared to respond to all emergencies and calls for service."

Town officials added that an investigation is ongoing; the cyber attack on town servers "affects our ability to to communicate with residents via email."

Speaking with Patch last Wednesday, Krupski said the town "reached out for help to everyone. We’re starting to line that help up."

Krupski confirmed that a demand, a "ransom note", to the town "hasn't been opened up yet."

He added: "In an abundance of caution, the focus has been on trying to preserve whatever integrity we have to our system right now."

The Suffolk County Office of Emergency Management headed out to Southold last week "to help us get organized on protocol," Krupski said

The focus, he said at the time, is to restore daily operations; the town's IT department has made "great strides. Department heads have been innovative."

Looking ahead, Krupski said last week that there would "be disruptions in some areas. We'll know more next week when we dig into our systems and see how this has affected them. We don't know the damage yet. We are going to start with public safety."

As it stands, no emails can be sent or received in town offices or at the police department but 911 is still operational, he said.

Krupski thanked the Suffolk County Sheriff's Office, Suffolk County Police, Riverhead Town Police and others for their help — he also thanked Southold Town Police who, he said, have done "a great job of coordinating, responding, and maintaining their operation."

He added: "It’s never a good time for this but we're encouraged by the response internally to keep our services active."