Ransomware attack that forced a New York county back to pen and paper began in 2021, official says

Suffolk County, New York, has discovered significant deficiencies in its clerk’s cybersecurity practices following a ransomware attack that leaked the data of its 1.5 million residents. The investigation revealed that, using a Log4j vulnerability, hackers had infiltrated the clerk’s office, installed bitcoin mining software, and harvested credentials for eight months before carrying out the attack. Despite being demanded $2.5m in ransom, the county did not pay. The attack had far-reaching implications, with services such as email and payment systems affected.