A hacker has taken Mecklenburg County’s computer systems offline and is demanding to be paid a ransom to return access the files, County Manager Dena Diorio says.
It’s likely that the county will pay the ransom near the 1 p.m. Wednesday deadline the hacker set. He or she is demanding to be paid two bitcoins, or the equivalent of roughly $23,000.
Here’s what we know.
How did this happen?
Early Tuesday, the county found that all of their email, printing and web applications had been shut down. Mecklenburg County’s IT department determined that a county employee has fallen victim to a phishing attack and opened an email that gave a hacker credentials to access the systems.
The hacker used ransomware to freeze the county’s access to its files. They also installed a coin-miner program to utilize Mecklenburg County’s network power to mine for bitcoins (here’s a little about that process).
Should I be worried about my personal information?
Diorio says no.
The county keeps little personal information on its servers, and the hacker has not actually stolen any files — just frozen access to them.
Frozen the data, not stolen.
Is the county government still working?
Yes and no. Employees will all be coming in to work. But if you do business with the county, you’re going to have to wait. “It could be days,” Diorio says.
Vendor payments will be delayed. If you’re looking for permits or other services, it could take longer, too. Some departments are trying to do business on paper rather than electronically until the issue is fixed.
Why pay the ransom?
While it’s not a done deal, it will all come down to a risk analysis. The county has brought in some experts who say that many times, businesses or cities will pay.
There’s a risk that the hacker could come back and ask for more money, or just not turn over the files. But most of the time, the hackers just want to be paid and not following through on their end of the bargain risks their entire criminal enterprise.
Also, it’s often “cheaper to pay than to fix it on our own,” Diorio says.
Is the law involved?
Not yet, but I’m told to expect that to happen once the immediate situation is resolved.
This is bad, right?
Yes, it’s actually pretty terrifying. But it’s also the reality of the world we live in.
While this breach exposes massive flaws in the county’s processes and infrastructure, this sort of thing has definitely been on their radar.
Mecklenburg County approved a significant budget increase to the IT department this year. Expect massive overhauls in data security in the coming months.