MECKLENBURG COUNTY, NC (WBTV) - The primary motive of the cybercriminals' hacking of Mecklenburg County systems may have been identity theft, county officials said Tuesday.
The criminals reportedly planted ransomware to freeze selected systems and then demanded payment to unfreeze them.
"We are an increasing cybercrime target," county officials said in a Tuesday afternoon press conference.
Hackers sent an email to Mecklenburg County officials, causing the server freeze, officials say. Copies of those emails were released to WBTV Friday afternoon.
The note from hackers reportedly stated that "All your files have beenencrypted [sic]." A portion of the ransom note said that officials had 24 hours to write the hackers back in an effort to get the encryption lifted.
"You have to pay for decryption in Bitcoins. The prices dependson [sic] how fast you write to us," the hackers said. "After payment we will send you thedecryption [sic] tool that will decrypt all your files."
Officials said so far, there has been no data leakage discovered.
County offices remain open even though some processes are slower than normal. County officials are asking residents and employees to remain patient.
Mecklenburg County officials decided not to pay a ransom to unfreeze the hacked servers.
"If you don't pay, they sort of move on to the next victim," County Manager Dena R. Diorio said, calling the cybercriminals' tactic a "smash and grab."
Diorio says hackers froze 48 county servers and asked for two bitcoins in ransom, which totals about $23,000. That is despite claims made by other county officials to WBTV that the hackers were actually seeking a ransom on each server, which would have run the ransom into a range of the hundreds of dollars.
The county was experiencing a county-wide computer system outage Tuesday afternoon. Just after 6 p.m., officials told reporters that the servers were being held for ransom.
Officials have not given a timeline for how long the repairs will take, but say they will take "days."
Diorio told WBTV that bringing the 48 servers back to full strength is a process that could go into early 2018.
"Now understand things will come back up incrementally, so as we bring systems online we won't be shut down that long, but by the time we get everything fully restored I would say the first of the year," Diorio said.
Sixteen applications are back online. Diorio says those applications are in the Department of Social Services, Criminal Justice Services, Payroll Processing and Public Health.
Rather than pay the hackers' demands to get rid of the ransomware, the county is taking matters into its own hands.
Below are the systems that are still affected as of Monday night:
Register of Deeds
- The Register of Deeds Office is conducting all normal business, though public access computer terminals used for record research and other application capabilities are extremely limited. In addition, the system used to access funds for prepaid copies is unavailable.
Code Enforcement
- Code Enforcement is beginning a limited paper permitting process, and resuming limited plan review. Its primary focus will be on emergency/urgent projects.
- Permitting and plan review under this temporary process will require an in-person visit to the office and customers will need to bring multiple copies of paper plans and other paperwork.
- Code Enforcement strongly urges you to call the office and talk with our plan review staff about what documents you will need to bring with you. This will help to minimize any delays when you arrive at the office.
- Commercial customers should call 980-314-CODE and follow the prompts to speak with someone in the Commercial Technical Assistance Center (CTAC).
- Residential customers should call 980-314-CODE and follow the prompts to speak with someone from the Residential Technical Assistance Center (RTAC).
Office of the Tax Collector
- The Office of the Tax Collector can accept cash, check or money order payments at Bob Walton Plaza, if taxpayers bring their real estate and personal property tax bills with them. The Bob Walton Tax Office can now search 2017 property tax bills that were unpaid on November 27, 2017. Businesses can bring their completed tax return and pay gross receipts taxes at the Hal Marshall Center using cash, check or money orders. Taxpayers without a completed tax return will not be able to pay gross receipts taxes at this time.
Officials noted a drastic increase in stolen data records, saying roughly 2 billion data records were stolen in the first half of 2017.