County Slowed Down by Ransomware After Refusing to Pay Hacker

Mecklenburg County, N.C., is working toward fixing its computer systems after refusing to pay a hacker who used ransomware to freeze dozens of local government servers.

• By Jessica Davis
• Dec 08, 2017

Mecklenburg County, N.C., is working toward fixing its computer systems after refusing to pay a hacker who used ransomware to freeze dozens of local government servers. The ransomware is said to be a new computer virus strain.

The ransomware attack happened earlier this week after a Mecklenburg County employee opened an email attachment carrying malicious software that froze data on 48 of their 500 servers. 

County Manager Dena Diorio said Wednesday that the county would not pay the hacker’s demand of two Bitcoin, or about $25,000, and would instead use backup data available prior to the hack to rebuild their applications from scratch.

“I am confident that our backup data is secure and we have the resources to fix this situation ourselves,” Diorio said.

Cybersecurity experts called in to work with county officials have said that the hackers are likely from Iran or Ukraine, based on their cyber forensics analysis. Mecklenburg County leaders said the ransomware used in the attack was a new computer virus strain called LockCrypt.

Cybersecurity experts and law enforcement generally recommend against paying hackers ransoms, as that can further incentivize ransomware attacks.

Until the county’s computer system is fixed, residents will face delays and disruptions to county services.