Mecklenburg slowly rebooting following hack


Tom Foreman - Jonathan Drew - Associated Press



CHARLOTTE — Time-consuming paper transactions slowed business Thursday in North Carolina’s largest metro area as a county government began the long process of restoring computer systems locked down by a ransomware attack.

Mecklenburg County was using backed-up data to make digital repairs after refusing to pay foreign hackers who froze dozens of county servers earlier this week. County officials were also taking new precautions against fraudulent emails because the hackers have tried again to penetrate their computers. No further damage to the system was reported.

In the meantime, services ranging from processing jail inmates to paying tax bills had to be done by hand.

Darryl Broome, a contractor who does remodeling and demolition work, went in person to a county office to retrieve land information he normally could look up on his home computer. He had to drive 10 miles and spent about a half-hour looking through paper records.

“It’s a bit frustrating because you learn that you really need certain things online,” he said. “You get used to doing certain things online, and when you have to slow down, it costs you time and time costs you money.”

The county of more than 1 million residents includes Charlotte, but the city government said its separate computer system wasn’t affected by the attack. Nor were the computers that handle 911 calls and dispatch for the city and county, said Charlotte Fire Department Deputy Chief Richard Granger.

Mecklenburg County manager Dina Diorio told staff in an email Thursday that the county was disabling employees’ ability to open attachments generated through Dropbox and Google Docs because of renewed attacks.

She said that because the county refused to pay ransom, “the cyber criminals are redoubling their efforts to penetrate the County’s systems, primarily through emails that contain fraudulent attachments with viruses that could further damage our systems.”

Many county-run services have been delayed, and officials say it will take days to repair damage from the initial attack. The sheriff has said it’s taking longer to manually process arrestees, as well as inmates due to be released.

Meanwhile, payments to the tax office must be made with a check, cash or money order, while code inspectors have been slowed down by having to use paper records, according to a list of affected services.

Cyberattacks on local government are becoming increasingly common and sophisticated. Security experts say Mecklenburg County followed the right steps before and after the cyberattack, including declining to pay the ransom.

“Unfortunately, it’s become all too common,” said Lawrence Abrams, who runs the cyber security site bleepingcomputer.com. “It’s smart not to pay the ransom if you can avoid it. In paying these ransoms, it’s obviously encouraging others.”

Counties in Indiana and Alabama are among those that have paid to regain access to data frozen by cyberattacks since late last year. The Montgomery Advertiser reported that Montgomery County, Alabama, faced disruptions to some operations even after paying hackers in September.

Other public organizations have chosen to rebuild instead of paying hackers. In November 2016, a ransomware attack on San Francisco’s transit system resulted in officials shutting down ticketing machines, allowing free rides for much of a weekend. But transit officials didn’t pay a ransom. The St. Louis library system said it took days to restore electronic services for patrons and weeks more to fix all of its computers after it refused to pay hackers behind a ransomware attack this year.

Ross Rustici, senior director of intelligence services at the firm Cybereason, said Mecklenburg County appears to have done a good job of backing up its data if it’s able to restore the system without paying the hackers.

“It seems like the county was fairly well-prepared,” he said. “Overall, this is not as bad of a story as it could have been.”

Mecklenburg County revealed Tuesday that it was facing a computer outage after an employee opened an email attachment containing malicious software. Hackers had sought digital currency worth more than $23,000 to unlock the data.

A forensic examination shows 48 of the county’s 500 servers were affected, Diorio said, adding that county government officials believe the hacker wasn’t able to gain access to individuals’ health, credit card or social security information. Without getting the compromised servers unlocked, the county will have to rebuild significant parts of the system using the backup data.
