Dec 6, 2017, 6:47 PM ET

NC county will not make ransom payment to cybercriminals who attacked public services


Mecklenburg County, North Carolina, on Wednesday refused to pay a ransom to cybercriminals who disabled many of the county’s computer applications and demanded $23,000 to unlock the software, officials said in a press release.

“I am confident that our backup data is secure and we have the resources to fix this situation ourselves,” County Manager Dena Diorio said in a statement on the county’s website. “It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible.”

The statement said it would take several days to fix the problem using backup data from before the incident to "rebuild the applications from scratch." Systems involving Health and Human Services, the court system and Land Use and Environmental Services are top priority, according to the statement.

“It was going to take almost as long to fix the system after paying the ransom as it does to fix it ourselves,” Diorio said in the statement. “And there was no guarantee that paying the criminals was a sure fix.”

Earlier, Diorio said there was no indication any data had been lost or personal information compromised. She said the ransomware was a new strain called a lockscript, which appears to have originated in Iran or Ukraine and affected 48 of the county’s 500 servers.

She said the county had reached out to the cybercriminals, who had demanded a ransom of two bitcoins (valued at about $23,000), through a third-party cybersecurity firm and decided against making the payoff. She said the county acted quickly to shut down services to prevent the spread of the virus after it was discovered. The statement added county offices are open and affected departments are using "alternative processes" to conduct business.



  • chaos_in_ashland

    Maybe employees should be given a work tablet or smart phone that is specifically for emails and communication, which is also on a separate server. One might argue that is overkill, but all it takes is a dumb employee to open the email that says 'click here', and then all of your data is gone.

  • Joseph Sta

    Most likely the guilty person who opened the ransomware was a supervisor or director. When I was working in system administration at a local university, some vice presidents requested and were granted full access to all files. This was against all common sense except for political reasons. The only time we were forced to recover from ransomware was when the unnamed persons clicked on the wrong buttons. Most of the underlings working for the university had their access limited and they valued their job more than the higher-ups.

  • JuPMod

    One gold rule... Do not ever click on a link from a *strange* email, even if the address is from someone you know. Sometimes these cyber-criminals get hold of your friend's or family member's email list, and then spread their 'gotcha' emails to everyone on that list. People who do not pay attention sometimes open the files on these emails just because they think it is from a friend or family. Same at work when receiving emails from people you know you do business with.

  • TexasVulcan

    Off-site, not connected backups are the only way to prevent these things.

    At home, I have a backup hard drive. I also use an internet backup to that. I have never had a virus or malware (that I know of) but I am on a Mac and I never click on links in emails unless it's something that I requested.