Officials release ransom note from hackers who got into county s - | WBTV Charlotte

Officials release ransom note from hackers who got into county servers

(Amanda Foster | WBTV) (Amanda Foster | WBTV)
CHARLOTTE, NC (WBTV) -

The ransom note sent from hackers to Mecklenburg County officials, which caused a freeze of county servers, has been released.  The county made copies of the emails available to WBTV Friday afternoon. 

The note from hackers reportedly stated that "All your files have beenencrypted [sic]." A portion of the ransom note said that officials had 24 hours to write the hackers back in an effort to get the encryption lifted.

"You have to pay for decryption in Bitcoins. The prices dependson [sic] how fast you write to us," the hackers said. "After payment we will send you thedecryption [sic] tool that will decrypt all your files."

The hackers warned that officials should not attempt to decrypt the data on their own because it "may cause permanent data loss" and "may cause increased price."

Hackers were reportedly "redoubling their efforts to penetrate the county’s systems" after Mecklenburg County officials decided not to pay a ransom to unfreeze hacked servers, officials said Thursday. 

Mecklenburg County remains open for business as it continues to restore services. 

According to county officials, cybercriminals tried to use emails with fraudulent attachments and viruses to further damage the county's systems. County officials are asking residents and employees to remain patient. 

County Manager Dena Diorio says hackers froze 48 county servers, and asked for two bitcoins in ransom, which totals about $23,000. Prior to Friday’s release, Diorio and other county officials said the hackers made the demand for two bitcoins in their initial ransom letter. But the letter does not specify the amount of the ransom.

Separately, multiple sources—including at least one senior county official—have told WBTV that the hackers were actually seeking a ransom on each server, which would have run the ransom into a range of the hundreds of thousands, if not millions, of dollars.

PREVIOUS: County computer hackers demanding 'substantially' more than first reported

On Thursday, officials said ITS is disabling county employees' option to open attachments in Drop Box and Google Documents. Officials released this statement: 

The county was experiencing a county-wide computer system outage Tuesday afternoon. Just after 6 p.m., officials told reporters that the servers were being held for ransom.

Officials said the repairs would take “days.” They have prioritized repairs on servers affecting health and human services, the courts, and LUESA.

Diorio told WBTV that bringing the 48 servers back to full strength is a process that could go into early 2018.

"We just ask people to work with us and be patient to the best of their ability," Diorio said.

Dioro also expects work to continue through the weekend and through the holidays.

In the meantime, they have asked customers to call these departments to check on their services.

PREVIOUS: How Mecklenburg Co. departments are impacted by server outage

Below is information from county officials given Thursday and Friday of offices affected during the server outage, along with direction for customers moving forward.

Assessor’s Office (CAO)
Non-Operational:

  • County Assessor’s Office reports AssessPro (The Real Property appraisal system), NCPTS (the personal property appraisal system and the billing and collection system) are down. 
  • Polaris and Tax Bill look up county web links are not working.

Criminal Justice Services
Non-Operational:

  • Research & Planning cannot run the daily population numbers without OMS interfacing with our data warehouse.  (Please note that we anticipate a spike in the jail numbers due to the release process being slowed.)

Child Support Enforcement (CSE): CSE is in full Manual Services- still seeing customers here and in the Courthouses, all records are being hand-written and the Clerk’s office is printing/making copies for the Court.

  • Advantage is Down
  • ACTS- Automated Collection and Tracking System is down- which is used to interface with other state and federal systems; document generation; pay histories; charging and billing functions, etc
  • Compass/OnBase is down
  • Dept. Of Vital Records is down
  • Qflow- Used to track customer visits by date, time, visit purpose, service provider, etc.
  • VMWare

Community Support Services: The Domestic Violence Victim Services phone line (704-336-3210) is now fully functioning. 
Non-Operational:

  • ECHO for Substance Use Services (they are documenting on paper & will scan into the system once operational),
  • OnBase for Veterans Services & secure printing and copying. We are seeing clients but Veterans Services may run slower. As soon as we have access to a copier we will run much smoother.
  • All secure printing & coping DOWN.
  • Community Support Services Prevention & Intervention Division is unable to transfer a call from the receptionist to a clinician.

Department of Social Services (DSS): All DSS services and programs are up and running with the exception of individual medical transportation scheduling.

  •  All Public Assistance programs and services are available.  We have made adjustments to work around the systems that are unavailable.
  • Adult Protective Services and Child Protective Services are fully operational.

Transportation Message:

If you have made a transportation reservation through DSS/MTS scheduling, please call Customer Connection at 704-336-4547 to confirm your transportation.  This includes reservations made for bus passes and vendor transportation for trips scheduled through December 11, 2017.

Finance
Non-Operational:

  • Services/support are all manual and limited as most all of our work relies on Advantage as our core financial system.
  • Automated payments, invoicing, procurement, etc.  This means no Electronic funds transfers, processing of procurement requests in the system, or other similar transactions.  Because many of our internal controls are automated, or rely on systems (verifying funds, etc.), most of our services will be manual and slowed, but we should be able to perform them.  We also cannot apply payments received to the balance owed in the system—meaning we will have a backlog and some risk to the extent collections are continuing.

Human Resources

Non- Operational:

  • Applicants cannot apply for vacant positions

Library

  • No changes since last communication

LUESA

The LUESA offices on Suttle Ave continue to operate to provide services to our building community.  If you have urgent permitting and inspection needs, please call 980-314- CODE (2633) and staff will be able to coordinate your request for service.
 
Non-Operational:

  • Code and Storm Water Services cannot review plans or issue new permits until POSSE/Winchester and other supporting systems including GIS, Navision (payment processing) are up.
  • GIS cannot provide addressing and other services including processing register of Deeds data until the GIS servers are back online.
  •  Air Quality services for asbestos reviews etc cannot be performed until the permitting system is up.

 
MEDIC: Nothing affected at this time.

Office of the Tax Collector

Non-Operational:

  • The Office of the Tax Collector can accept cash, check or money order payments at Bob Walton Plaza, if taxpayers bring their real estate and personal property tax bills with them. The Bob Walton Tax Office also now has the ability to search 2017 property tax bills that were unpaid on Nov. 27, 2017. Businesses can bring their completed tax return and pay gross receipts taxes at the Hal Marshall Center using cash, check or money orders. Taxpayers without a completed tax return will not be able to pay gross receipts taxes at this time.
  • Property tax payments cannot be made at the Wilkinson Boulevard location.
  • Tax records and payment information cannot be accessed online or by telephone.
  • Research requests for bankruptcy, tax certificates, tax lien research, or any other service requiring reference to the tax records cannot be performed.
  • All online services including online payment options are not available.

County officials say employees' payroll will not be affected by the Dec. 15 pay date. Officials say most printers are still offline, with a limited number enabled in specific offices. 

Copyright 2017 WBTV. All rights reserved.

Powered by Frankly