Hacker Attacks Mecklenburg County In North Carolina, Disrupt Services, Demands Ransom

The computer systems of the Mecklenburg County, North Carolina, were taken offline by a hacker. To return access to the files, the hacker demanded a ransom of two bitcoins or approximately $23,000, according to Dena Diorio, the county manager. ​County-wide system outages were reported since Tuesday afternoon. The hacker has set a deadline for paying the ransom at 1 p.m Wednesday.

An employee of Mecklenburg County’s IT department reportedly clicked on an attachment in an email Tuesday morning, helping the hacker gain entry to the system.

To deny the county access to its files, a ransomware was used by the hacker and a coin-miner program was installed. This was done to mine for bitcoins using the county’s network power (bitcoin mining refers to the method by which transactions are verified and added to a public ledger. New bitcoins are generated through this process).

Though the county’s computer systems were breached, Diorio said that people needn’t worry about their personal information being accessed by the hacker.

For one thing, the county doesn’t store personal information of its residents in its servers. Also, the hacker just prevented the access to the files and didn’t steal any files from the systems, Diorio added.

She said the county is working with a third-party technology company to decide what to do and added that she is open to paying the ransom, which would be paid in bitcoin.

A question that this scenario brings up is whether the county government remains functional in the short run, given how many jobs are reliant on computer systems. Though employees would be coming to work, Diorio said that if anyone wished to do any business with the Mecklenburg County, they would need to wait. “It could be days,” Dario said.

"In this backdrop, vendor payments would get delayed. Also, if you are seeking permits or other services, that could also take longer," she added.

To minimize the inconvenience to the public, some departments would try and do business on paper until the problem gets resolved.

To solve the problem, the county has enlisted experts who pointed out that more often than not, cities or business establishments whose files or computer systems were compromised end up paying the ransom. This points to the possibility of the same happening with Mecklenburg County as well.

Even if that’s how it turns out, there would still be risks. For one thing, the hacker may return with another attack and ask for even more money. Or maybe they simply wouldn’t return access to the files even after the ransom gets paid. However, in most such cases, it’s reported that hackers simply wish to get paid without risking their criminal career by further meddling.

Also, from the county’s perspective, paying the ransom could be more economic. It’s “cheaper to pay than to fix it on our own,” Diorio said.

The Charlotte Observer reported that as yet, the Mecklenburg Police Department is not involved in the case.

Update: As of Wednesday afternoon official have not decided whether to pay the ransom, however that is an option they are considering.

"There is no evidence at this time that personal, customer or employee information or data has been compromised," Mecklenburg officials said in a statement. "The County is considering all options to fix the situation, including possibly paying the cyber criminals to unfreeze the system. The County is consulting with Federal, state and private stakeholders, including the FBI and Secret Service, while the County works to restore services."

WCNS's Tanya Mendis reports the county believes the hackers behind the Mecklenburg County hack are from either Iran or Ukraine. The ransomware is reportedly called LockCrypt.