Hackers Try Again; Diorio Says Restoring County Servers Could Take Until Year's End
Updated 2:34 p.m.
A day after Mecklenburg County announced it would not pay ransom to hackers who locked up data on its computer systems, the hackers appear to have tried again to penetrate county systems. Meanwhile, the county manager says restoring those systems manually could take until the end of the year.
On Thursday, County Manager Dena Diorio warned that the hackers were still at it.
In an email to county workers, Diorio wrote: "As a result of our decision not to pay the ransom, ITS (Information Technology Services) is reporting that the cyber criminals are redoubling their efforts to penetrate the County’s systems, primarily through emails that contain fraudulent attachments with viruses that could further damage our systems."
For now, she said, the county has disabled the ability to open attachments from file services such as Dropbox or Google Docs.
Diorio also used the email to address employees about the incident: "I also want to reiterate that the County is the victim in this situation and that no individual employee should feel responsible for this incident."
FIX WILL TAKE WEEKS
In an interview on WFAE’s “Charlotte Talks” Thursday, Diorio also said it could be the end of the year before all county systems are back online.
“The prognosis is very, very strong. We are confident that we can get all of our systems restored,” county manager Dena Diorio said. “But we do think it will be two to three weeks before everything is back online. But understand ... things will come back online incrementally over that time.”
Diorio said successful tests of the county’s data backups were a factor in the decision not to pay the ransom.
“That was a key decision for us, to make sure the backup data was clean and that it can be restored. And now that we know that, that was also a big consideration in our decision not to pay,” Diorio said.
The attack happened when an employee opened what looked like a friendly email and clicked on an attachment that appeared to be from Google, Diorio said. That triggered a worm with a program called “LockCrypt” that spread and encrypted data on 48 of the county’s 500 servers.
In response, the county shut down other servers to prevent further infections.
A note from the hackers that was part of the malicious software said, “Your information is locked,” and gave instructions on how to pay a ransom of two Bitcoins, or about $23,000, Diorio said. The county made contact with the hackers, whom it believes are from either Iran or Ukraine.
Late Wednesday, after those backup tests, Diorio announced that the county had decided not to pay.
Meanwhile, Charlotte city officials said late Wednesday they also noticed suspicious activity on city servers, coming from county servers. A city spokeswoman said there's a firewall between city and county systems to prevent problems. But after the county confirmed that it was seeing the same activity, the city severed all links to county servers as a precaution, the spokeswoman said.
The system shutdown is slowing or halting county services – from building code enforcement to online scheduling for parks and a DSS transportation service.
On Charlotte Talks, Diorio said the affected servers included the county’s child welfare system, and applications that allow the county’s more than 5,000 employees to manage and print documents. She said employees are using “alternate means” to do their jobs, including using laptops not connected to the county network.
“I have to say that the employees of Mecklenburg County have been incredibly resourceful and they have been incredibly creative to be able to continue operations as normal, even if they are a little bit hampered,” she said.
The county's decision not to pay brought widespread news coverage beyond Charlotte. That included an article in The New York Times that called the county "a hero." The article said:
"In a world rocked by hackers, trolls and online evildoers of all stripes, the good people of the internet have long looked for a hero who would refuse to back down. Finally, someone has said enough is enough. And that someone is the government of Mecklenburg County, N.C."