Southold Town has been hit with a ransomware attack, according to town officials.
Both 911 and administrative phone systems are functioning normally and are not affected by the incident, Southold Police Chief Steve Grattan said. The department remains fully prepared to respond to all emergencies and calls for service, according to the chief.
During the course of the investigation into the attack, an alert on the town’s website warns: “We regret to inform you that all town services will be limited. We will remain open and available to assist you in any way by phone or in person during regular hours. We are working to maintain essential town services and will continue to work to restore all systems.”
Ransomware attacks are insidious but common cyberextortion schemes that lock up a municipality’s servers until a ransom is paid, often in cryptocurrency. According to the cybersecurity firm Mimecast, 34% of state and local government systems were infected with ransomware in 2024. Local hospital systems and local police departments have also been targeted.
A 2025 analysis looked at 525 ransomware attacks on U.S. government entities between 2018 and late 2024 — the majority of them local governments, counties, school districts and utilities. From the subset of cases where a payment amount was known, the researchers found an average ransom payment of about $872,656 per attack, with total ransom payments of roughly $458 million over that period.
A Sept. 2022 ransomware attack that hit Suffolk County’s servers disrupted essential services for months, and cost the county millions, but in that incident no ransom was paid, according to a 2024 county analysis.
In the last several years, a handful of Long Island school districts — including Mattituck-Cutchogue — have publicly acknowledged ransomware or serious cyber incidents. Town- and village-level attacks are believed to be more common than the public record suggests, but often local governments either avoid labeling them as ransomware or release only bare-bones statements about “unusual activity” on their networks.
Southold Town Supervisor Al Krupski said in an interview Monday night that the town moved quickly Monday morning to isolate and investigate the incident after staff discovered the email system had gone down around 7:30 a.m.
“They unplugged everything so the problem couldn’t spread,” he said, adding that town police immediately contacted county law enforcement for technical support. The town also reached out to the New York State Department of Homeland Security’s cyber division and the county’s Office of Emergency Management, which spent the day helping Southold identify the source of the disruption and prevent contaminated systems from being restarted.
“We want to make sure we’re not going to open something up that we shouldn’t,” the supervisor said. Krupski confirmed the town has system backups, but said officials are proceeding with extreme caution before restoring any data or infrastructure.
To keep government services running, the supervisor convened department heads and instructed them to prepare to operate manually if necessary. Staff members are working to set up standalone printers and basic functions disconnected from the town network.
“We’re looking at ways to keep town services rolling so we don’t come to a crashing halt,” Krupski said. If it comes to that, he said, Southold will temporarily revert to old-fashioned methods.
“If we have to go back to pen and paper, we will do whatever is necessary to keep it open,” he said. “We were without computers for the first 300-plus years.”
No updates? What about the month-long shutdown of the Southold Town Clerk’s office in May/Jume 2025 that probably caused this ransomeware attack? Not interested in reporting on Republican incomptence? What biased rag this is!