Fake email, stolen log-ins opened door to widespread hack on Mec - | WBTV Charlotte

Fake email, stolen log-ins opened door to widespread hack on Mecklenburg County

County Manager Dena Diorio, left, and Chief Information Technology Officer Keith Gregg, right, speak at a press conference last Wednesday at the Government Center about the hacking. (Diedra Laird | The Charlotte Observer) County Manager Dena Diorio, left, and Chief Information Technology Officer Keith Gregg, right, speak at a press conference last Wednesday at the Government Center about the hacking. (Diedra Laird | The Charlotte Observer)

CHARLOTTE, NC (Anna Douglas/The Charlotte Observer) - A foreign-based hacker gained access to at least one government employee’s computer network log-in ID to launch a “ransomware” attack last week in Mecklenburg County, officials said Tuesday.

The cyber-attack knocked multiple data servers and many public services offline and caused widespread outages across Mecklenburg County systems. The county’s “IT (information technology) Incident Response Team” first learned of the problem early in the morning of Dec. 5, said IT chief, Keith Gregg.

By mid-morning, the county began shutting down parts of its network to isolate damage.

RELATED: Officials release ransom note from hackers who got into county servers

A week later, 17 of 200 affected systems have been restored, Gregg said. Those include the court system’s jury management application, an employee payroll platform and several programs at the Department of Social Services.

The incident is still an active “cyber crime scene,” Gregg said Tuesday. The county has hired a cyber forensics firm, called Fortalice Solutions, to assist with recovery, investigation and network restoration.

So far, Gregg said, there’s no evidence that the affected data has been stolen or redistributed by the person or people who hacked into the county’s network of computers. The incident primarily revolved around a “ransomware” attack that consists of a hacker breaking into a system, blocking use of data and demanding money in exchange for restoring access.

RELATED: Meck Co officials will not pay hackers ransom for servers being held

In Mecklenburg County’s case, its system was compromised when an employee inadvertently opened what cyber security experts call a “phishing email” – a message that appears to come from a trusted or known source but actually contains a malicious link, file or attachment. From there, officials believe the criminal gained unauthorized access to the county government’s system using the stolen log-in credentials.

In an update Tuesday, Gregg described the cyber attack as a “freeze” on selected county systems. The attack came with a demand of $23,000, which county officials refused to pay, saying it would not speed up recovery time. Instead, the county said it would restore its system and applications using back up data.

“We could not be in the recovery process if we did not have back ups,” Gregg said.

Still, recovery takes time, he said, because IT professionals want to ensure they do not reactivate infected systems or restore servers that could be vulnerable to another cyber attack. Last week, the county reported a second wave of “phishing” email attempts and responded by blocking employees from opening certain email attachments or file-sharing programs. No new infections came from the follow-up phishing attempts, officials said.

PREVIOUS: County computer hackers demanding 'substantially' more than first reported

County officials say they do not yet have an estimate on financial revenue losses or costs associated with the cyber attack.

The hack comes as Mecklenburg County has spent nearly $16 million over the past three years to improve computer and network security, County Manager Dena Diorio told the commissioners Tuesday.

Those projects included expanded back-up capabilities, increasing firewall protections and new equipment or upgrades in some departments.

Overall, the health of Mecklenburg County’s system and security features were strong at the time of the hack, said Fortalice CEO Theresa Payton on Tuesday. Even the most sophisticated systems, she said, can be vulnerable.

“Often it’s just a matter of time,” Payton said.

  • Local NewsMore>>

  • Resilient NC Transportation Museum boasts bigger attendance, new exhibits

    Resilient NC Transportation Museum boasts bigger attendance, new exhibits

    Thursday, July 19 2018 11:08 AM EDT2018-07-19 15:08:49 GMT
    (David Whisenant-WBTV)(David Whisenant-WBTV)
    (David Whisenant-WBTV)(David Whisenant-WBTV)

    It is a story of resilience and how to survive tough times.  In 2011 the North Carolina Transportation Museum in Spencer appeared to be running out of track. 

    More >>

    It is a story of resilience and how to survive tough times.  In 2011 the North Carolina Transportation Museum in Spencer appeared to be running out of track. 

    More >>
  • Six nurses in same NC hospital unit find out they're pregnant

    Six nurses in same NC hospital unit find out they're pregnant

    Thursday, July 19 2018 10:53 AM EDT2018-07-19 14:53:23 GMT
    Credit: Photo provided to CBSCredit: Photo provided to CBS
    Credit: Photo provided to CBSCredit: Photo provided to CBS

    Six nurses in Winston-Salem, North Carolina are sharing a serendipitous connection. All of them are pregnant, all of them work at an outpatient oncology clinic at the Wake Forest Baptist Medical Center and all of them found out within months of each other.

    More >>

    Six nurses in Winston-Salem, North Carolina are sharing a serendipitous connection. All of them are pregnant, all of them work at an outpatient oncology clinic at the Wake Forest Baptist Medical Center and all of them found out within months of each other.

    More >>
  • One person killed in Burke County house fire

    One person killed in Burke County house fire

    Thursday, July 19 2018 10:28 AM EDT2018-07-19 14:28:43 GMT
    (Steve Ohnesorge | WBTV)(Steve Ohnesorge | WBTV)

    The fire broke out just before 6:30 p.m. at a home on George Hildebran School Road. Officials said the victim's body was found as firefighters were putting the fire out.

    More >>

    The fire broke out just before 6:30 p.m. at a home on George Hildebran School Road. Officials said the victim's body was found as firefighters were putting the fire out.

    More >>
Powered by Frankly