Hackers Redoubling Efforts After Mecklenburg County Officials Refused To Pay Ransom

The Latest:

Officials say cyber criminals are redoubling their efforts to penetrate Mecklenburg County’s systems after they refused to pay a ransom to hackers.

The hackers are primarily trying to gain access through emails that contain fraudulent attachments with viruses that could further damage our systems, according to a news release.

To limit the possibility of a new infection, ITS is disabling employees’ ability to open attachments generated by Drop Box and Google Documents. The best advice for now is to limit your use of emails containing attachments, and try to conduct as much business as possible by phone or in person.

In the meantime, ITS continues to work nonstop to restore applications and your patience is truly appreciated.

Below is an update of the systems that remain affected:

• Though most printers remain offline, a limited number have been enabled in key offices to improve the County’s ability to conduct business.

• MyTime clocks are working, but may show an unusual message. Some departments may ask employees to manually write down their time until the situation is resolved.

• Employee pay will not be affected for the 12/15 pay date.

• AFM cannot make new badges, change existing badge access levels or provide badge access for new employees.)

• Archibus Work Order system is down.– cannot access system (employees need to call maintenance vendors direct to report maintenance issues)

Click HERE for more details.

Original Story:

CHARLOTTE, NC – Mecklenburg County will not pay thousands of dollars in ransom to hackers who are holding dozens of its servers hostage.

Instead, the county will use back-up data to fix the problem.

“This situation will be resolved in days and not hours,” explained County Manager Dena Diorio.

She decided late Wednesday not to pay the two bitcoins or around $23,000 the hacker is demanding.

The county says its back-up data is secure, but it will take days to rebuild applications from scratch.

“It’s taking us time based on being very vigilant to ensure that we don’t reinfect,” explains Mecklenburg County IT director Keith Gregg.

County leaders say the ransomware is called “Lockcrypt” and the hacker is likely operating out of Iran or Ukraine.

In the meantime, several offices are seeing an impact.

“We are using multiple methods at various county locations to make sure our services are available as possible,” Diorio says.

People wanting to pay property taxes or look up real estate records will have problems. So will those trying to complete a marriage application.

There are also issues at the courthouse and jail. Mugshots and online inmate inquiry is down.

Sheriff Irwin Carmichael says all prisoners set to be released will be able to get out.

“Right now the only thing that has happened with our facility is the process is a little slower, cause we’ve went to manual,” Carmichael says.

Also impacted are important services like the county’s domestic violence line.

Calls are going to voice mail and messages will be returned. Victims can call Safe Alliance for immediate help.