North Carolina’s most populous county is reeling from a cyberattack that has crippled computer systems in Charlotte and the surrounding region.
Government operations throughout Mecklenburg County have been impaired since Monday after its computers were infected with ransomware, a type of malicious software that typically encrypts the contents of affected machines and holds them hostage unless the victim pays the perpetrator.
Mecklenburg County officials decided against paying a $23,000 ransom by a Wednesday afternoon deadline and instead are moving forward with rebuilding its systems from backup copies, County Manager Dena Diorio said afterwards.
“I am confident that our backup data is secure, and we have the resources to fix this situation ourselves,” Ms. Diorio said at a press conference later Wednesday. “It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible.”
Mecklenburg’s woes began when a county employee opened a malicious email attachment Monday that subsequently unleashed a programming worm that quickly traversed its computer system, The Charlotte Observer reported.
Forty-eight of about 500 county computer servers were ultimately affected by the worm, effectively paralyzing agencies, including the county’s Tax Office, Parks and Recreation Department and Human Resources office among others, The Observer reported.
The cyberattack forced county employees to abandon electronic systems in lieu of paper records and reportedly resulted in sheriff’s deputies processing jail inmates by hand this week, the report said.
Mecklenburg ultimate agreed to ignore the ransom demand and rebuild its systems from backups after consulting with security professionals, Mr. Diorio told reporters.
“It was going to take almost as long to fix the system after paying the ransom as it does to fix it ourselves,” she said. “And there was no guarantee that paying the criminals was a sure fix.”
“We are open for business, and we are slow, but there’s no indication of any data loss or that personal information was compromised,” Mr. Diorio added.
The FBI is aware of the incident and monitoring the situation, WSOC-TV reported.
More than 1 million people resided in Mecklenburg County as of the 2015 census, making it the most populous county in the state.
The county has hired two cybersecurity firms to assess the incident in addition to being offered the assistance of the state’s chief information officer and secretary of public safety, WSOC-TV reported.
Ransomware distribution has increased “dramatically” during the last five years and “will continue to be prolific as long as ransomware authors continue to find the business lucrative,” American cybersecurity firm FireEye said in a report released Friday.
Cybercriminals stand to make up to $2 billion in 2017 off of ransomware payments, according Bitdefender, a Romanian security firm, CyberScoop reported last month.