Mecklenburg County, North Carolina, on Wednesday refused to pay a ransom to cybercriminals who disabled many of the county’s computer applications and demanded $23,000 to unlock the software, official said in a press release.
“I am confident that our backup data is secure and we have the resources to fix this situation ourselves,” County Manager Dena Diorio said in a statement on the county’s website. “It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible.”
The statement said it would take several days to fix the problem using backup data from before the incident to "rebuild the applications from scratch." Systems involving Health and Human Services, the court system and Land Use and Environmental Services are top priority, according to the statement.
“It was going to take almost as long to fix the system after paying the ransom as it does to fix it ourselves,” Diorio said in the statement. “And there was no guarantee that paying the criminals was a sure fix.”
Earlier, Diorio said there was no indication any data had been lost or personal information compromised. She said the ransomware was a new strain called a lockscript, which appears to have originated in Iran or Ukraine and affected 48 of the county’s 500 servers.
She said the county had reached out to the cybercriminals, who had demanded a ransom of two bitcoins (valued at about $23,000), through a third-party cybersecurity firm and decided against making the payoff. She said the county acted quickly to shut down services to prevent the spread of the virus after it was discovered. The statement added county offices are open and affected departments are using "alternative processes" to conduct business.