County Systems Returning, But Many Services Still Hobbled
Updated 5:19 p.m.
Many Mecklenburg County services remain hobbled after a cyberattack last week that scrambled data on county computer systems. County technology director Keith Gregg said 17 of about 200 key systems have been restored, and the county is being "hyper-vigilant" as it restores the rest, to make sure there's no risk of re-infecting them.
In a meeting with commissioners Tuesday afternoon, Gregg reiterated that personal information on county servers data appears safe.
"At this point, though the forensic analysis is not complete, there does not appear to be any data leakage" Gregg said.
Gregg said county officials have discussed the threat of ransomware and other cyber attacks, as local governments become a more frequent target for hackers. County Manager Dena Diorio said the county is about halfway through a 3-year plan to improve cybersecurity.
"The board of county commissioners has appropriated $16 million to work on IT (information technology) security over the last three years. I don't want that to get lost, because we have been working very hard to stabilize the infrastructure," Diorio said.
One of the county's consultants, Theresa Payton of Fortalice Solutions, said the county has plenty of company. She told commissioners that studies show nearly half of organizations in the U.S. have been victims of ransomware in the past 12 months.
She said cybercrime is one of the only areas where victims get blamed for crime. "It is our professional opinion that Mecklenburg County has done a lot of things right," Payton said. "As it relates to data breaches and cyber crimes such as ransomware, often it's just a matter of time. Mecklenburg County has to get it right 365 days of the year. A cyber criminal, depositing ransomware, just has to get it right once."
In an update late Monday, county manager Dena Diorio said employees worked nonstop through the weekend to begin restoring systems from backed-up data. Officials are taking lots of precautions, too, such as requiring all employees to reset their passwords - twice so far.
Systems restored so far are in Social Services, Criminal Justice Services, Payroll Processing and Public Health have been restored, as of Tuesday afternoon. Among the departments still experiencing limited operations are the Register of Deeds, Code Enforcement, and the Office of the Tax Collector.
In some cases, employees are using paper processes or backup systems to provide limited services, the county said. Code Enforcement is using a paper process to resume some permitting. And staff are resuming plan reviews "on emergency/urgent projects," the county said. Officials recommend calling the department for updates.
Most normal business has resumed at the Register of Deeds, though limited service is available through public access computer terminals.
Payments can be made in person again at the Office of the Tax Collector in Bob Walton Plaza on Stonewall Street, though only with cash, checks or money orders. Taxpayers should bring tax bills with them. The office now has the capability to search for 2017 property tax bills that were unpaid as of Nov. 27.
Officials believe the hackers are from Iran or Ukraine. They sent a message demanding a ransom of two Bitcoins, a secure electronic currency, in exchange for a key that would unlock the data. Those Bitcoins are now worth more than $30,000, but county officials said they wouldn't pay. Instead, they're restoring systems piece by piece using backups.
Diorio has said it could be year's end before all systems are back to normal.
Dec. 12, 2017, MecklenburgCountyNC.gov update on the ransomware attack and recovery