In Albany ransomware attack, officials say information was not compromised

Mayor Kathy Sheehan said any data lost to last month's cyberattack are being rebuilt from paper files or unaffected systems, but accounts on the incident vary.

Officials in Albany, New York, said Wednesday that no city information was compromised in the ransomware attack that struck its municipal government late last month. Mayor Kathy Sheehan and Rachel McEneny, the city’s administrative services commissioner, said that the city did lose access to some data, but that the technicians responding to the hack, which Sheehan made public March 30, have the ability to restore it.

“From the standpoint of mission critical data and information we feel confident that anything we need to recover, we’ll be able to recover,” Sheehan said at a news conference.

While most city services are available to residents, officials are still unable to process requests for vital records like birth certificates and marriage licenses, and are referring people to offices in neighboring jurisdictions.

The mayor said that Albany has not paid the ransom demanded by the malware that encrypted city computer systems, but few other details are available. The type of ransomware used in the cyberattack still has not been publicly revealed.


There also remains conflicting information put forth by the city and the union representing its police officers about the full extent of the ransomware attack. Shortly after Sheehan’s initial announcement, Gregory McGee, the vice president of the Albany Police Officers Union, wrote on Facebook that officers had been cut off from email, shift-scheduling and the computers inside patrol cars, though Sheehan’s office said no law-enforcement services were affected by the ransomware.

But the Times-Union reported Wednesday that one police officer said his bank account was drained for the second time in three months following the ransomware attack. City officials said that individual has recovered his money, though, and that the account being emptied was the result of a previous phishing attack.

The city has set up credit-monitoring services for its 1,300 full-time employees, as well as seasonal and part-time workers and retirees. City workers’ computers are also being scanned before being reconnected to municipal networks, and the New York State Office of Information Technology Services is investigating the ransomware incident.

Still, details on the attack remain sparse. While the update Sheehan and McEneny gave Wednesday sheds some light, it’s becoming increasingly common for ransomware victims, especially government organizations, to be withholding, according to Thomas MacLellan, Symantec’s director of policy and government affairs.

“Maybe there are tactical reasons,” MacLellan said, suggesting that local governments hit by ransomware might be “coached” by state or federal law enforcement agencies to disclose fewer details. “Why give up anything someone else could replicate?”


MacLellan said that cybercriminals tend to look for the easiest victim, often distributing their malware using spearphishing attacks, phony emails designed to trick trusting employees into handing over their credentials to attackers. And smaller, local governments like Albany — population 98,000 — are increasingly attractive targets.

“If New York, Los Angeles, Miami have toughed up, they’re going to go after the second- and third-tier cities,” he said.

Ransomware attacks are thriving in enterprise environments, according to research published by Symantec earlier this year. While overall ransomware incidents declined by 20 percent in 2018, which MacLellan attributed to consumers becoming better educated on internet security, there was a 12 percent surge in enterprise-level attacks, a category that includes government.

Indeed, many recent cyberattacks against local governments have targeted small and midsize cities and counties like Orange County, North Carolina; Jackson County, Georgia; and Akron, Ohio.

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.
