NC county officials will not pay hackers ransom for servers being held


CHARLOTTE, N.C. (WBTV) – Mecklenburg County officials said Wednesday they would not pay hackers for government office computer servers that are being held for ransom.

“I am confident that our backup data is secure and we have the resources to fix this situation ourselves,” said County Manager Dena Diorio. “It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible.”

The county was experiencing a county-wide computer system outage Tuesday afternoon. Just after 6 p.m., officials told reporters that 30 servers were being held for ransom.

Diorio said the hacker is asking for two bitcoins, which amounts to about $23,000 dollars, by 1 p.m. Wednesday. During a press conference scheduled at 2 p.m. Wednesday, county officials said they have not made a decision whether or not to pay the ransom but are planning on making a decision “by the end of the day.”

Diorio said regardless whether or not county officials pay the ransom, the incident won’t be resolved for several days. According to the county manager, departments are “up and running, but slower.”

WBTV has learned the hackers are demanding substantially more money than first reported, according to sources. The county is reportedly considering whether to pay the hacker.

news-app-download-apple-350x50news-app-download-android-350x50

The Department of Social Services is asking customers to confirm transportation scheduling.

During Wednesday’s press conference, Diorio denied reports that the ransom was more than the original $23,000 that was initially reported.

Anyone who made transportation reservations through DSS/MTS, including reservations made for bus passes and vendor transportation for trips scheduled through Dec. 11, is asked to call Customer Connections to confirm transportation. Customer Connections can be reached at 704-336-4547.

“It’s not that it’s personal information, but it’s information we need to do our business,” County Manager Dena Diorio said of the information breached, Tuesday night.

As of Wednesday morning, the hacker’s identity and location were unknown.

At least 48 servers were hacked during the incident, Diorio said during the media briefing. The servers impacted included:

  • Human Resources
  • Tax Office
  • Register of Deeds
  • Luesa
  • Assessor’s Office
  • Park & Rec
  • DSS
  • Child Support Enforcement
  • Finance

County officials said this is a “new strain” of ransomware and are calling this situation “patient zero.”

Diorio said no resident’s personal information is exposed, but all of the Information Technology Services (ITS) systems in the county are shut down. The outage will reportedly affect email, printing, and other ways to conduct business at most county offices.

“Things that we were doing electronically, we are now moving to paper,” Diorio said.

Diorio said a comprehensive list of the departments that will be moving to paper will be released Wednesday.

The breach reportedly happened when a county employee clicked on a bad attachment in an email, exposing the files.

“It’s concerning when this happens to government, it’s concerning to an individual when this happens to themselves,” County Commissioner Matthew Ridenhour said Tuesday night.

Earlier in the day Tuesday, a Mecklenburg County source said the outage was “believed to be due to an external threat.”

Diorio is now working with a “third party forensic expert” to navigate the county’s next steps. She said she is the one who will make a decision whether to pay the hacker by Wednesday afternoon.

“Based on our discussions with our attorney, there are a lot of places that pay, because it is easier to pay, it’s cheaper to pay than to try to fix it on your own,” she said. “So that’s the conversation that we are continuing to have.”

If you’re planning on heading to a county office for business purposes, you need to contact the office ahead of time to make sure you can be helped, county officials said.

No other details have been released.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s