Albany Mayor Kathy Sheehan On Ransomware Attack: Facts

Apr 10, 2019

Albany Mayor Kathy Sheehan has delivered an update on the city’s recent ransomware attack.

Mayor Kathy Sheehan employed social media March 30th to announce an attack took place early that morning and sent officials scrambling to get affected services back up and running. Some data was lost, some services are still affected.    "We are still telling people to go for their documents, their birth certificates and death certificates, to Menands, and again that's just out of the ease of not confusing people. We have long periods of time and dates where those records are available here, but we want to be able to make it clear to customers when we are fully operational. We don't want somebody coming here and being told 'sorry, that person was born after a certain time so you have to go to Menands'."

During a follow-up news conference two days later, Sheehan stressed no one's personal information had been taken in the attack.

Then rumors began to circulate. The Albany Police Officers Union posted on Facebook that its officers could not access any service or program dependent on an internet connection, and computers aboard patrol cars were affected. Another posting alluded to "drained bank accounts." Sheehan denied those claims Wednesday at City Hall.   "The union did not communicate directly with us with respect to those concerns. We heard about them through the media and social media.  We implemented a process where all employees were notified that if they had experienced suspicious activity on any of their accounts they were to contact the commissioner of administrative services. She then followed up individually with each person who did notify her and worked with that individual and their bank, and any reports, there were very few reports, any of those reports were determined by the individual, by us and by the banking institution to be unrelated to our payroll data."

City employees for now are back to punching in and out on time clocks. The mayor would not disclose how the ransomware penetrated the computer network. Brian Nussbaum is assistant professor at the College of Emergency Preparedness Homeland Security and Cybersecurity at the University at Albany.  "Ransomware gets on to networks in the same way that most malware gets on to networks, malware being malicious software, through things like Phishing emails, through infected websites online that you go and visit and they drop or download the software onto your computer. Things like infected USB drives."

Sheehan noted there was one individual on the police force whose bank account was drained, but that person had had similar issues a few months ago, and the incident was unrelated to the ransomware attack.  Sheehan emphasized that while data on certain servers was inaccessible after the breach,  at no time was the city's ability to dispatch police or fire to emergencies affected. She added she'll release additional information about the attack when the time is right.   "We will rely on expertise of state cybersecurity as well as law enforcement with respect to how much we ultimately disclose, but we can assure our residents and our employees that we are working to ensure that we have practices in place to prevent something like this from happening in the future."

Sheehan said no ransom has been paid. The city activated a plan to recover from the attack soon after it happened. The New York State Office of Information Technology Services is assisting in the investigation.   "There will be a financial impact, though. You know, this is not, again, this isn't a victimless crime."