NC county will not make ransom payment to cyber criminals who attacked public services

Denes Farkas/iStock/Thinkstock(CHARLOTTE, N.C.) — Mecklenburg County, North Carolina will not pay “ransomware criminals $23,000 to unlock many of the county’s applications that have been frozen since Monday,” county officials said in a release Wednesday afternoon.

“I am confident that our backup data is secure and we have the resources to fix this situation ourselves,” County Manager Dena Diorio said in a statement on the county’s website. “It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible.”

The statement said it would take several days to fix the problem using backup data from before the incident to “rebuild the applications from scratch.” Systems involving Health and Human Services, the court system and Land Use and Environmental Services are top priority, according to the statement.

“It was going to take almost as long to fix the system after paying the ransom as it does to fix it ourselves,” Diorio said in the statement. “And there was no guarantee that paying the criminals was a sure fix.”

Earlier, Diorio said there was no indication any data had been lost or personal information compromised. She said the ransomware was a new strain called a “lockscript,” which appears to have originated in Iran or Ukraine, and affected 48 of the county’s 500 servers.

She said the county had reached out to the cyber-criminals, who had demanded a ransom of two bitcoins (about $23,000), through a third-party cyber-security firm and decided against making the payoff. She said the county acted quickly to shut down services to prevent the spread of the virus after it was discovered. The statement added county offices are open and affected departments are using “alternative processes” to conduct business.

Copyright © 2017, ABC Radio. All rights reserved.