alphv attacks County Suffolk and contractors

Incident Date:

September 15, 2022

World map



alphv attacks County Suffolk and contractors


County Suffolk and contractors




New York, USA

New York, USA

First Reported

September 15, 2022

Suffolk County and Contractors Targeted by Alphv Ransomware Group

Company Overview

Suffolk Construction, a prominent US-based company, is renowned for its dedication to people, partners, quality, and innovation. Recently, the company experienced a significant cyberattack that disrupted their online services for an extended period.

Industry Standout

Known for its innovative approach to construction, Suffolk Construction excels in bringing together people, innovations, and partnerships to tackle new challenges. The company has earned accolades for fostering an inclusive culture, prioritizing worker safety, and living up to its core values.


The cyberattack on Suffolk County and its contractors has exposed the vulnerabilities of local municipalities to cyber threats. The Alphv ransomware group infiltrated the county clerk's network, which was obscured from the county's IT department, enabling them to deploy exfiltration tools, generate fraudulent accounts, and steal credentials. This incident emphasizes the critical need for comprehensive cybersecurity defenses, including firewalls, consistent vulnerability assessments, and thorough employee training.


The ramifications of the ransomware attack were extensive, disrupting email services for over 10,000 county employees and compelling many to revert to manual processes for government services. Emergency dispatchers resorted to recording calls by hand, and police communicated crime details via radio due to compromised communication systems. The title search system was incapacitated for weeks, severely hampering real estate transactions.

Recovery Efforts

In response to the attack, Suffolk County has been diligently working to rehabilitate the affected systems, with support from Cisco and Palo Alto Networks. The county has allocated nearly $5.5 million towards recovery and investigative efforts.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.