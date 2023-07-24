CORNELIUS, N.C. (WBTV) - The town of Cornelius, in partnership with the North Carolina Cybersecurity Task Force, has finalized a timeline of events regarding the malware attack that was first detected on July 11.

According to a news release, the town has been able to determine that the incident was isolated to one personal computer, issued by the town to an employee, and none of the town’s servers or additional devices were compromised. The town also determined that no data was exfiltrated from its network.

The town’s TechOps Department is currently in the process of restoring data to the main servers from backup servers. This process will prioritize data that aids town emergency services. The town expects to return fully to regular operation in the coming weeks, a news release said.

“This incident was particularly sophisticated and was able to bypass multiple security measures and safeguards that the Town has put into place,” said Cornelius Town Manager Andrew Gant. “Sophisticated viruses, such as this one, are often updated by their creators in order to avoid detection and prevention. It is due to the great work of our TechOps staff that the virus was contained and was not allowed to cause significant damage or pose a greater risk.”

The incident began Monday, July 10, when an officer with the Cornelius Police Department unknowingly interacted with a virus while working on an investigation. The town said its cyber-security measures, which have been in place for years and have prevented thousands of attacks to date, were unable to detect and prevent the virus from entering the network.

The Department of Homeland Security alerted town staff on Tuesday, July 11, to unusual activity within its network. The town’s TechOps Department found the virus and immediately severed all on-site technology and devices in order to proactively contain the threats.

Initial reports designated the virus as ransomware due to its nature and behavior, though the town said it now knows instead that it was malware. The town’s data was not encrypted and a ransom was not submitted, both of which are typical with ransomware.

Over the past several months, the town said it has received at least public inquiry regarding its cybersecurity infrastructure and planning. The town added it has responded to every inquiry with relevant information about its cybersecurity measures and planning. This has been done in a manner that avoids placing the town’s network at undue risk by publicly disclosing information that may provide bad actors with information that can cause harm to the network, the town said.

Multiple agencies, including the N.C. Local Government Information Systems Agency, Charlotte-Mecklenburg Emergency Management, City of Charlotte Information Technology Department, DHS, N.C. National Guard, and FBI, provided the town of Cornelius with resources and helped with scanning the town’s network for the virus in order to determine the scope of the incident.

