County weighs paying cyber hackers $26K ransom for servers held hostage

  • County weighs paying cyber hackers $26K ransom for servers held hostage

County weighs paying cyber hackers $26K ransom for servers held hostage

Mecklenburg County officials have chose to not pay hackers $23,000 to unfreeze files on dozens of affected servers. Because of a backup system, the hack didn't compromise any personal information or delete any data.

The hackers demanded a ransom of $23,000, but on Wednesday Diorio refused to pay, saying the county's backup systems could restore much of what had been disabled.

Cyber experts believe the hackers operated from Iran or Ukraine and infected the servers with a new strain of ransomware known as LockCrypt, she said.

"It was going to take nearly as long to fix the system after paying the ransom as it does to fix it ourselves", Diorio said.

The county said the systems that will be restored first will be those relating to the divisions of health and human services, courts and land use and environmental services. "And there was no guarantee that paying the criminals was a sure fix".

A variety of online public services in Mecklenburg County, North Carolina's most populous county, were running slow or unavailable, days after hackers penetrated dozens of servers and froze data. In the meantime, county officials have been forced to revert to paper systems.

The computer problems haven't affected the processing of emergency calls because they are handled by the city, said Mecklenburg County Sheriff's Office spokeswoman Anjanette Flowers Grube.

Departments affected by the outage are implementing contingency plans.

"Once you're in that situation, you really have no good option, so a lot of people and companies end up paying", he said.

The county of more than 1 million residents includes North Carolina's largest city, Charlotte, though that municipality appears not to have been directly affected by the hack. He said he was told the county hopes to fix the problem "this week".

Things may also take longer at county offices because until the issue is resolved because they will be doing things on paper instead of electronically.

He said it's not unusual for businesses and local governments to pay the ransom. And credit card numbers aren't stored on a county server.

During a Wednesday press conference on Facebook Live, the county manager stressed that while 48 of the county's 500 servers were impacted, as well as multiple applications that run through those servers, no sensitive or confidential information is believed to have been compromised. The hackers' threat isn't to publish the files, but to keep them inaccessible.