Mecklenburg County leaders will not pay 2 bitcoin ransom to cyber attackers


CHARLOTTE - Mecklenburg County leaders announced they will not pay the ransom to cyber attackers who are holding files on the county's server.

Officials said instead of paying the hackers they are going to use backup data available prior to the hack to rebuild the applications from scratch.

CLICK HERE to read more and see a video from WSOC

"I am confident that our backup data is secure and we have the resources to fix this situation ourselves," Mecklenburg County Manager Dena Diorio said. "It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible."

Diorio told Channel 9 that someone opened an email they shouldn't have opened, which helped the hacker infiltrate the system and cause a countywide outage.

UNC Charlotte professor Bill Chu, who started the cybersecurity program at the school, said even in the most highly-trained workforces, 10 percent of employees will still open dangerous phishing emails. He said it's because some messages are well disguised and employees open them up.

Mecklenburg County leaders said the ransomware used during the attack is a new computer virus strain called LockCrypt.

Diorio said during Wednesday's news conference that the hacker asked for two bitcoin, which is about $25,000, in exchange for the 48 files that were breached. Officials believe the hacker is either from Iran or Ukraine.

Diorio said there is no evidence that personal, customer or employee information or data has been compromised.

Charlotte City Councilman Tariq Bokhari, who has created cybersecurity programs, told Channel 9 that county officials didn't notice the hacker was invading until the city's IT staff noticed anomalies in network traffic.

When county officials were made aware of the attack, all countywide Information Technology Services systems were shut down.

Diorio said the decision to not pay the hackers came after consulting multiple experts in the cybersecurity field and realizing that the time difference for Mecklenburg County officials to do it would not be significantly different. "It was going to take almost as long to fix the system after paying the ransom as it does to fix it ourselves," she said. "And there was no guarantee that paying the criminals was a sure fix."

Diorio said the process to resolve the situation will take days not hours. She said the county is open for business, but it is much slower than usual.

The shutdown is affecting email, printing and other county applications, including the ability to conduct business at most county offices. For the time being, the county will have to work on paper instead of electronically for some services.

The county's domestic violence hotline that is operated by Safe Alliance was not impacted by the hack.

In an emergency, victims are asked to call 911.