Officials at Suffolk County, New York, have disclosed that significant cybersecurity lapses have brought upon the major ransomware attack last September
, which compromised nearly 500,000 residents' personal data, reports WNYW-TV
Threat actors leveraged a vulnerability to infiltrate County Clerk servers eight months prior to attacking the county, according to a 40-page forensic report on the incident conducted by a third-party cybersecurity firm.
"[The report] described in great detail the eight months that the criminal actors spent in the Clerks office installing bitcoin mining software, creating fake accounts," said Suffolk County Executive Steve Bellone, who noted that a presence of a county chief information security officer could have averted the incident.
Only 1.6% of Suffolk County's systems have been affected by the attack and the county has been able to restore over 95% of its services without paying any ransom.
"We're in a better position than we were before, and we can move forward with remote access coming soon," said Chief Deputy County Executive Lisa Black.