County computer hackers demanding 'substantially' more than first reported

County computer hackers demanding 'substantially' more than first reported

MECKLENBURG COUNTY, NC (WBTV) - The hackers holding Mecklenburg County's computer files hostage in exchange for payment are demanding substantially more money than first reported, WBTV has learned.

County Manager Dina Diorio first confirmed to reporters Tuesday night that county 30 servers were being held for ransom. Diorio increased the number of impacted serves at a news conference Wednesday afternoon to 48.

Diorio said the county is continuing to analyze the scope of the breach.

The problem was discovered after county employees began experiencing a county-wide computer system outage on Tuesday afternoon.

On Tuesday night, Diorio said the hacker was demanding two bitcoins, which amounts to $23,000, by 1 p.m. Wednesday.

On Wednesday afternoon, Diorio said the county had been in contact with the hackers and believed the hackers had granted an extension to their original deadline.

But it is still unclear how much money the hackers are demanding.

Ransom demand 'substantially' more than county manager claims

WBTV has learned the ransom demand is for 'substantially' more than what Diorio has claimed publicly.

Multiple sources, including at least one county official with knowledge of the ongoing efforts to retrieve the county's data who asked not to be identified in order to provide details of the ongoing internal county discussions, told WBTV the demand was for two bitcoins—or roughly $23,000—per server or, potentially, even per file.

As of late Wednesday morning, county staff was working to determine whether the hacker was demanding two bitcoins for the information on each of the servers or whether the demand was for two bitcoin for each file on the compromised servers.

Even if the breach was limited to 48 servers, at two bitcoins per server, the county could be looking at a minimum bill of just more than $1.1 million.

County violates state law, refuses to release ransom letter

In a phone conversation, Mecklenburg County Public Information Officer Danny Diehl told a WBTV reporter that the station's report was incorrect.

But, when pressed for a copy of the hackers' demand letter and subsequent communication, Diehl said the county would not provide a copy.

The North Carolina Public Records Act makes "all documents, papers, letters," among other documents, in a government agency's possession a public record unless otherwise exempt by other portions of the law.

Diehl said the demand letter may be used in a criminal investigation and, therefore, might be exempt from production under a portion of the Act that makes records of a criminal investigation non-public. But that section of the law also contains a provision that specifically says documents used in a law enforcement investigation are not exempt from production when in the possession of a non-law enforcement agency; in this case, Mecklenburg County.

Mecklenburg County Attorney Ed Yeager also refused to produce the records, citing a different provision of the law. Yeager cited a section of the Public Records Act that allows agencies to withhold sensitive security information.

But, in making his argument, Yeager refused to concede the state's public records law requires agencies to redact non-public information from an otherwise public document; in this case, the demand letters and subsequent conversations with the hackers.

WBTV is continuing to press county officials to comply with state law and release the demand letter.

It is still not clear whether the county will pay the ransom.

Twitter Ads info and privacy

At least two county commissioners said they had not been briefed on the additional information regarding the actual total of the ransom when contacted by WBTV on Wednesday morning.

Copyright 2017 WBTV. All rights reserved.