North Carolina county's ransomware recovery will take days

A sign on the Bob Walton building on Stonewall Street said the records office was closed Wednesday

But officials said December 6 that the county will not pay the more than $23,000 ransom.

"I am confident that our backup data is secure and we have the resources to fix this situation ourselves", Mecklenburg County manager Dena R. Diorio said in a statement on Wednesday.

Such attacks are becoming more common - and more sophisticated.

Diorio said county technology officials will use backup data from before the ransomware attack to restore the system, but the rebuild will take "patience and hard work". In the meantime, county officials have been forced to revert to paper systems.

She says the county consulted with cybersecurity experts before making the decision.

"Based on its attributes, it looks like the criminals are from either Iran or the Ukraine", Diorio said during the press conference. Not paying and instead rebuilding applications could take longer still, she added.

"We know at this time that this recovery will take several days", she said. He said he was told the county hopes to fix the problem "this week".

"You're taking a risk when you do that", he said.

As of late Wednesday morning, county staff was working to determine whether the hacker was demanding two bitcoins for the information on each of the 30 servers or whether the demand was for two bitcoin for each file on the 30 servers.

"Our priorities are going to be systems that affect health and human services, like the Department of Social Services, Health Services, Child Support Services", Diehl said.

Mecklenburg County says this will affect the ability to conduct business at most county offices and say there is now no estimated time for the system to be back on line. The state's largest city issued a statement that its separate computer systems have not been affected and that it severed direct connections to county computers.

It was an email with just such an attachment that was opened earlier this week by a county employee that triggered the freeze on much of the county's computer system.

Charlotte CIO Jeff Stovall said the city is always vigilant but has increased its monitoring of "any activities that are happening on our networks and on our devices", and sent out reminders to staff of the proper handling procedures for emails and attachments.

Officials say they have no idea who the hackers are and no way to track them down.

Related news: