Official business in the county serving Charlotte frozen by widespread outage.
Cyber experts believe the hackers operated from Iran or Ukraine and infected the servers with a new strain of ransomware known as LockCrypt, she said.
An email attachment opened by a county employee Tuesday initiated the attack. The attachment contained a “worm” that began encrypting the county’s files. It also contained an email address and instructions on how to pay the ransom.
The ransomware was quickly spotted and isolated, but still affected 48 of the county’s 500 servers, Diorio said. The county was “open for business” but many operations had slowed, she added. Because of a backup system, the hack didn’t compromise any personal information or delete any data.
Diorio said all servers were operating, but information on scheduled medical trips by some 300 patients was lost and a domestic violence hotline was sending calls directly to voicemail.
Mecklenburg, with Charlotte as the county seat, serves more than 1 million people as the state’s most populous county.
The hackers originally gave officials until 1 p.m. Wednesday to pay two Bitcoin in exchange for an encryption key that would release the files.
The county faced the dilemma of paying the ransom or reconstructing the system using the backup data.
“If we don’t pay, we will have to rebuild applications from scratch and that will take even longer,” Diorio said.
The officials also weighed whether any encryption key would actually work to unlock the servers and whether they would then be completely free of the ransomware.
Although the deadline passed without a payment, the hackers apparently were taking no action as long as county officials were in communication with them through cybersecurity experts.
During the day, however, the value of Bitcoins soared from $23,000 to $26,000.