On September 11, 2024, the Town of Ulster in New York experienced a cyberattack that significantly disrupted its primary computer systems. Supervisor James E. Quigley, III reported that the attack caused a complete shutdown of the town’s main general server. The town’s response was swift, with servers being turned off within an hour of discovering the intrusion. The systems were not turned back on until security measures were strengthened, and the incident was promptly reported to New York State Homeland Security Cybersecurity Services, which automatically alerted the FBI.
The town worked closely with local and county officials to manage the situation, including notifying the City of Kingston IT system manager and mayor. The police department was not involved in the initial stages of the investigation, as the forensics were handled by professionals brought in through the town’s insurance company. Quigley clarified that while law enforcement might get involved, it was not guaranteed, as investigations of this nature typically focus on digital forensics rather than traditional police work.
As of September 18, 2024, many systems within the town remained offline, except for those of the police department and the town court, which were operated on separate servers. Other municipal services, such as water, sewer, payroll, and administrative functions, were impacted. Despite these disruptions, the town managed to establish manual procedures to continue operations. The town has been in disaster recovery mode, collecting both electronic and paper backup data to assess the situation, and thus far, no data loss or unauthorized removal of information has been detected.
Currently, the town is operating on a restored backup server, with most departments functioning at full capacity, excluding the administrative offices. Quigley described the recovery process as challenging but manageable, with a focus on rebuilding and securing the town’s digital infrastructure. The timeline for full recovery remains uncertain, with both the forensic investigation and the restoration of operations still ongoing.
Reference:
