Mecklenburg Servers Hacked, Files Held For Ransom

Dec 6, 2017
Originally published on December 6, 2017 10:50 am

Many Mecklenburg County functions have come to a halt after a ransomware attack encrypted files on at least 30 county servers. The hackers have given the county a deadline of 1 pm Wednesday to pay a ransom of about $23,000.

The attack happened when a county employee opened an email attachment that infected the county’s computer system with spyware and a worm. 

County Manager Dena Dioro  believes no personal data, like social security numbers or health information, have been compromised.

"So while they’ve frozen the servers, they’ve not compromised the data and not stolen data, as far as we know at this point."

She says credit card numbers aren’t kept on a server. 

The county disconnected most computer applications to try to isolate the attack. On Tuesday, employees couldn’t print, call centers were down, and the code enforcement office had no access to electronic files stored on servers.

The hackers’ threat isn’t to publish the files, but to keep them inaccessible.    

"We’ve been told by [the hackers] we need to pay two bitcoin, or $23,000 for them to give us the de-encryption to have the servers released and the files returned to us," says Diorio. 

She says it’s her call whether to pay them and she’s debating doing that. If so, the county may be able to access the files quickly. On the other hand, hackers may not handover the key to unlock the files and come back for more money. The county can restore the files itself, but Diorio says, that could take a long time and come at an even larger cost.

A couple county commissioners declined to talk about the attack, saying they don’t fully understand the ins-and-outs of it. Commission Chair Ella Scarborough says she doesn’t want the county to pay the ransom.

"Absolutely not. If they can make us pay now for that, they’ll make us pay for something later," says Scarborough. "We need to look at what other companies are doing to ensure that [hacks] don't happen."

The county is working with a third-party technology company to figure out what to do. On Wednesday, Diorio expects to release a list of services that are unavailable because of the attack.   

Copyright 2017 WFAE. To see more, visit WFAE.