An unknown ransomware variant infected the city offices of New York’s state capital, the City of Albany. Although, employees were still expected to arrive to work Monday morning, city offices did not open until 12 p.m. EST. The city’s IT staff are still investigating total damages as a result of the cyberattack, including which systems are impacted.
As of the latest press release, the city’s payroll systems had been compromised, as well as certain public records, such as birth, marriage, and death certificates. Since the payroll systems include personal data of employees, there were initial concerns of a data breach as well. However, after further investigation, it appears personal employee data was not compromised. Although, the city is offering employees the option for credit monitoring service if they so wish.
Beyond city offices, the Albany Police Officer’s Union (APOU) is also suffering the aftermath of this attack. According to the APOU’s Vice President, Gregory McGee, members do not have access to services or programs that operate using an internet connection, as their networks are currently not online.
One of the biggest interferences this has caused has been with the scheduling system. Without scheduling access, the APOU does not have a way to track who is working, or the manpower they have available. Additionally, the ransomware infection also impacted the computers within patrol cars. Due to this interference, officers are not able to access accident or incident reports. Therefore, calls for service may take longer than expected, as officers are missing access to the tools needed to conduct daily job duties.
The Unknown
It remains unclear how the ransomware infected the network, including how it bypassed the security measures the City of Albany had in place. Additionally, the ransom demands have not been publicly released, as it remains unclear if city officials will end up paying the hackers to restore city networks.
This attack came just weeks after Jackson County, located in Georgia, also fell victim to a ransomware attack. Jackson County officials paid the ransom demands of $400,000. Although, even after paying the ransom demands, it still took days before the county’s networks were back up, and even then, they were not running at full capacity.