Ransomware Shut Down a Whole North Carolina County

Security Breach

Security Breach

Mecklenburg County, North Carolina will not pay "ransomware criminals $23,000 to unlock numerous county's applications that have been frozen since Monday", county officials said in a release Wednesday afternoon.

"So all that information is intact", said Mecklenburg County Manager, Dena Diorio. "It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible". Diorio said she doesn't believe the hackers have access to personal information.

According to Diorio, a county employee clicked an attachment in an email they shouldn't have, exposing the files to the hackers, who are demanding 2 Bitcoin, or $23,000, in ransom money to release the files.

A third-party cyber security firm hired by Mecklenburg County contacted the hackers and learned the ransomware used is a new strain called "LockCrypt".

The county also could try to restore the servers itself, though Diorio said that could take a long time and come at a larger cost.

The county said the systems that will be restored first will be those relating to the divisions of health and human services, courts and land use and environmental services. "And there was no guarantee that paying the criminals was a sure fix", Dioro says.

The announcement came Wednesday evening hours after the Mecklenburg County manager told the public she would make a decision by the end of the day.

Late Wednesday, The Associated Press reported county sheriff's deputies were processing inmates by hand; a tax office had turned away electronic payments; and building inspectors had switched to paper records.

Each department is activating plans to continue operating during the outage, the county said. "We really don't want people to just show up and then get mad when we can't help them", Diehl said.

Things may also take longer at county offices because until the issue is resolved because they will be doing things on paper instead of electronically.

At this point, officials don't believe any information has been stolen, but malware was discovered on about 30 servers.

During a speaking engagement at Charlotte's Kennedy Middle School, Governor Roy Cooper said the county did the right thing by not paying the ransom. Achieving that goal will require the county to use its backups to rebuild applications from scratch, the county said.

Latest News