City of Albany Cyberattack

New York’s Capital, Albany New York – Hit by Ransomware Attack

Last updated April 12th, 2019

The City of Albany, New York, was hit by a ransomware attack on March 30th, with city officials working over the weekend to respond to the incident. The cyberattack has caused damage to the City of Albany, and the extent or cost is not yet known. A press release was issued on March 31st on the official site for the Capital City of New York.

Mayor Kathleen Sheehan has made statements on Facebook and Twitter that the city of Albany has experienced a cyber attack. The Facebook statement reads:

“**City of Albany Outlines Service Availability** On Saturday, the City announced that it experienced a ransomware attack. City officials have worked throughout the weekend responding to this incident. All City employees will report to work during normal business hours on Monday, and City buildings will be open to the public at 12:00 p.m. City Court services will operate during normal business hours.”

The Twitter status reads: “The City of Albany has experienced a ransomware cyber attack. We are currently determining the extent of the compromise. We are committed to keeping you informed and will provide updates as they become available.”

Mayor Kathy Sheehan is scheduled to hold a press conference on Monday, April 1st at 12:30 PM at Albany City Hall to provide an update on the availability of city services, as detailed in a press release on Albany’s official website.

The mayor has not yet disclosed “the specific strain of ransomware; whether Albany lost any data; or if the city paid any ransom to the attackers.” “Sheehan said the city is working to determine the extent of the compromise.”

According to the Times Union, credit monitoring will be offered to all city employees as a precaution. Residents can use credit cards to pay taxes but Sheehan says the city does not keep the numbers.

April 1st, 2019 – April Fools’

This is no small joke or hoax. The breach raised major concerns for the head of the city police union. Greg McGee, head of the police union, states the cyber attack took down a database used in police cruisers for background checks. The attack also took down the department’s own database, which has officers’ personal information and the department’s schedule for officers.

The Mayor continues to state the impact on police operations was minimal. Mayor Sheehan says there’s no evidence that any personal information was taken. The city of Albany is still trying to determine the root of the attack, and no details have been made public.

Times Union’s Steve Hughes, who attended the press conference, states there is “no evidence personal data was taken”. The City is still evaluating “system impacted, appears payroll services are affected. Employees tracking hours on paper. Won’t say if city paid ransom.” Mayor Sheehan “says city was alerted by IT system that was wrong, still tracking cost to city.”

As detailed in a Facebook post made by Gregory McGee, Vice President of the Albany Police Officers Union (APOU): “Calls for service may take longer than expected to complete due to the fact officers do not have the tools at hand to provide the appropriate level of service.” The post then goes on to state: “One has to ask the question of why a police department with sensitive information is on the same network that was so easily attacked. What are the contingency plans in an event like this? Why is there no information being explained to the members of the APOU? What is the timeline for services being restored so that the members of the APOU can provide citizens with the appropriate services? Is the sensitive personal information of APOU members secure, and what, if any, guarantees are there that it is?”

According to the Times Union, “Police spokesman Steve Smith said Sunday that the department remains adequately staffed and there are no interruptions in service to the community.”

April 2nd, 2019 – Update

The city of Albany continues to try to recover from the cyber-attack over the weekend. Mayor Sheehan says no personal information was stolen during the ransomware attack. The attack was first discovered Saturday, March 30th, and disabled a number of city computers.

April 5th, 2019 – The First Major Update

WNYT News Channel 13 is reporting that Albany Police Union Vice President Officer Gregory McGee has been notified by City of Albany police officers that there has been some fraudulent activity on their bank accounts. “They’re noticing some substantial withdrawals are occurring,” said McGee, and some officers have had their bank accounts drained.

April 6th, 2019 – Coping with a ransomware attack

According to CNN:

  • On Monday, the police were able to digitally enter incident reports
  • On Tuesday, the city was able to process marriage licenses again
  • The police department’s scheduling program still is unusable
  • Birth and death certificates are still unavailable

April 9th, 2019 – 11 Days post-attack

“City officials still have not released basic details on the attack”. It has been reported that the city’s IT systems alerted administrators to a security issue.

April 10th, 2019 – 12 Days post-attack

Sheehan’s administration has given few details about the attack including “how the attack occurred, who is handling the investigation and whether authorities have a sense of who launched it.” Nearly all public city functions have been available since last week, but some of the systems are still offline for the city of Albany.

Mayor Kathy Sheehan has not spoken publicly about the incident since April 1st. Mayor Sheehan will speak about the incident in a press conference at 9:30 am today.

According to a press conference and video posted on News 10 ABC, birth, marriage and death certificates were affected but are now up and running. The mayor states, “The issue is that we have a number of options, from which to choose for rebuilding the data that was lost, and so we need to determine the most cost effective and efficient way to do that.” This implies data was lost and that funds will be needed to build new systems.

CBS 6 WRGB has posted additional video of Mayor Kathy Sheehan and Rachel McEneny, the Commissioner of Administrative Services. Mayor Sheehan did confirm it was ransomware and stated, “We were notified by email that our files had been encrypted and that in exchange for paying a specified crypto-currency our files would be decrypted.” The mayor stated they could not discuss specifics about the ransom. They have an investigation into the source of the attack. They are also still trying to determine where the vulnerabilities are in the city’s systems.

According to the mayor, some data was permanently lost, but that data was either old records or systems they didn’t need any more. The mayor also addressed the rumors that multiple police officers’ bank accounts were drained during the cyberattack. The mayor stated that one officer’s account was drained, but that this was an unrelated incident: the problem started earlier, with a successful phishing attack conducted over the phone three months prior, and it was an ongoing issue.

The city is providing identity and credit monitoring services for the more than 1,300 current city employees, retired city employees, and temporary workers.

Mayor Sheehan has not given any estimates on how much the ransomware attack has cost the city so far.

Additional Cyber Attacks

Additional cyberattacks have occurred at the University at Albany. According to a post on albanystudentpress.net from April 2nd, 2019, “there have been several attacks over the course of the semester, with the most recent crashing the university’s domain name servers over spring break.”

DDoS (distributed denial of service) attacks work by paralyzing a computer network, flooding it with data sent simultaneously from many individual computers. Martin Manjak, Chief Information Security Officer at the University at Albany, states the most recent March attack utilized over 600,000 IP addresses over a period of four seconds. The DDoS attacks seek to slow down online resources and have even crashed systems so students and faculty cannot use them.