A ransomware group called Rhysida today took credit for a November 2025 cyber attack on the local government of Southold, New York.
Southold officials on November 24, 2025 announced that a ransomware attack had disrupted the town's systems, including email, payroll, tax collection, permitting, and other functions. Southold spent two weeks restoring most of its systems, and some were still offline as of mid-January.
On its data leak site, Rhysida demanded Southold pay 10 bitcoin in ransom, worth about $661,400 at time of writing. Rhysida gave Southold seven days to pay and threatens to sell the data to other cybercriminals if it does not.
Southold supervisor Al Krupski said the city does not intend to pay a ransom.
Southold officials have not acknowledged Rhysida, and Comparitech cannot verify the ransomware group’s claim. We do not know what data was compromised or how attackers breached Southold’s network. Comparitech contacted Southold officials for comment and will update this article if they reply.
The city spent $500,000 on security upgrades since the breach.
“Please be advised that the Town of Southold is investigating a potential cyber incident affecting town servers, which affects our ability to communicate with residents via email,” said the city’s November 24 announcement. “During the course of this investigation, we regret to inform you that all town services will be limited.”
Who is Rhysida?
Rhysida is a cybercriminal group that first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected devices. Rhysida operates a ransomware-as-a-service business in which affiliates pay Rhysida to use its malware and infrastructure to launch attacks and collect ransoms.
In 2025, Rhysida claimed responsibility for 21 confirmed ransomware attacks and made another 70 attack claims that weren’t acknowledged by the targeted organizations.
Five of Rhysida’s confirmed attacks from last year hit government entities:
- Oregon Department of Environmental Quality in April ($2.6 million ransom, unpaid)
- Maryland Department of Transportation in August ($3.4 million ransom, unpaid)
- Cleveland County Sheriff’s Office in November ($782,000 ransom)
- Cheyenne and Arapaho Tribes in December 2025 ($682,000 ransom, unpaid)
In 2026 to date, Rhysida has taken credit for six more breaches.
Ransomware attacks on US government
Comparitech researchers logged 84 confirmed ransomware attacks on US government entities in 2025, compromising about 639,000 personal records. The average ransom demand was $987,000.
In 2026, we’ve confirmed four such attacks on Midway, FL; Winona County, MN; New Britain, CT; and the Tulsa International Airport.
Ransomware attacks on government entities can both steal data and lock down computer systems. They can disrupt any number of government systems, from bill payments to court records and even emergency dispatch. Governments must pay a ransom for the stolen data and to restore systems, or else face extended downtime, permanent data loss, and an increased risk of fraud for data subjects.
About Southold, NY
Southold, New York is a town on Long Island, New York with a population of about 24,000 people. It’s part of Suffolk County, which suffered its own major data breach and ransomware attack in 2021 that leaked the personal data of 470,000 residents and severely impacted county operations.