Officials in North Carolina’s Mecklenburg County say hackers are demanding $23,000 in ransom by early Wednesday afternoon to release multiple files they are holding hostage on the county’s servers. The hackers gave officials until 1 p.m. to pay the ransom with 2 Bitcoin in exchange for an encryption key that would release the files.
Mecklenburg, with Charlotte as the county seat, serves more than 1 million people as the state’s most populous county.
A county employee opening a malicious email attachment Monday led to hackers taking over Mecklenburg County’s entire computer system, freezing all the files. Hackers now say the county has until 1 p.m. Wednesday to pay a ransom of $23,000 if they want the files back, according to a report.
The countywide computer system outage throughout Mecklenburg County offices led to a complete information technology shut down until further notice, county officials said around 1 p.m. Tuesday. “This will affect email, printing and other County applications, including the ability to conduct business at most County offices,” the Dec. 5 notice said.
By Tuesday night, however, officials had more information about what was going on with the system.
County Manager Dena Diorio said a county employee clicked an attachment in an email that exposed the files to the hackers, WCNC-TV reported. The intrusion, in turn, caused a massive systemwide outage.
The shutdown has affected email, printing and other county applications and disrupted routine business at most county offices, WSOC-TV reported.
Diorio said Mecklenburg County officials are considering paying the ransom but are also evaluating how much it would cost to decrypt the files themselves.
Mecklenburg Commissioner Matthew Ridenhour said the county backs up its data regularly, and may have done so recently as over the weekend, The Charlotte Observer reports. If so, that could give authorities the ability to recreate most of the information if the county doesn’t pay the ransom.
WSOC reporter Joe Bruno tweeted that it is unclear where the attack originated, but the hackers are in a time zone seven hours ahead of Charlotte, which would include Russia, where cybercrime is frequently based.
While paying hackers might seem to only incite more cyber-attacks, Schneier said institutions with poor IT security will be targeted again anyway. Ransomware is a bulk business, he said, normally based in areas outside the U.S. that are largely immune from law enforcement.