The largest metropolitan area in North Carolina discovered how difficult it is to do business without county computers that handle numerous transactions on Thursday, a day after local leaders refused to pay hackers who froze their system .
Mecklenburg County computer systems raising property taxes, handling building permits and prosecuting prison inmates were out of service while technology workers performed digital repairs with backed data. Officials say the corrections will take days.
County officials also took new precautions against fraudulent emails because hackers launched a new attack in response to their refusal to pay a ransom. No more damage was reported to the system.
Meanwhile, various transactions with the county government were performed on paper.
Darryl Broome, a contractor who performs remodeling and demolition work, personally went to a county office to retrieve information from the land he might normally look for in his home computer. He had to drive 10 miles and spent about half an hour searching the paper records.
"It's a bit frustrating because you realize that you really need certain things online," he said. "You get used to doing certain things online, and when you have to slow down, it costs you time and money."
The county of more than 1 million residents includes Charlotte, but the city government said it is separate the computer system was not affected by the attack. Nor were the computers that handle 911 calls for the city and the county, said Charlotte Fire Department Deputy Chief Richard Granger.
Dena Diorio, manager of Mecklenburg County, told staff in an email that the county was disabling the ability of employees to open attachments generated through Dropbox and Google Docs due to new attacks.
He said that because the county refused to pay ransom to unlock dozens of frozen servers, "cybercriminals are redoubling their efforts to penetrate County systems, primarily through emails that contain fraudulent attachments with viruses that they could further damage our systems. "
Many services administered by the county have been delayed. The sheriff has said it will take longer to manually process those arrested, as well as the inmates who will be released.
Meanwhile, payments to the tax office must be made by check, cash or money order, while code inspectors have been slowed down by having to use paper records, according to a list of affected services.
Cyber attacks against local government are increasingly common and sophisticated. Security experts say that Mecklenburg County followed the right steps before and after the cyber attack, even refusing to pay the ransom.
"Unfortunately, it has become all too common," said Lawrence Abrams, who runs the cybersecurity site bleepingcomputer.com. "It's smart not to pay the ransom if it can be avoided." When paying for these ransoms, obviously others are encouraged.
The counties of Indiana and Alabama are among those that have paid to recover access to data frozen by cyberattacks since last year. The Montgomery Advertiser reported that Montgomery County, Alabama, suffered disruptions to some operations even after paying hackers in September.
Other public organizations have opted to rebuild instead of paying hackers. In November 2016, a ransomware attack on San Francisco's transit system caused officials to close the ticket vending machines, which allowed free travel for a large part of a weekend. But transit officials did not pay a ransom. The St. Louis library system said it took days to restore electronic services for users and weeks to repair all its computers after this year it refused to pay hackers for a ransomware attack.
Ross Rustici, senior director of intelligence services at Cybereason, said Mecklenburg County seems to have done a good job of backing up its data if it is able to restore the system without paying the hackers.
"It seems that the county was quite well prepared," he said. "In general, this is not a story as bad as it could have been."
Mecklenburg County revealed on Tuesday it was facing a computer crash after an employee opened an email attachment containing malicious software. The hackers had searched for digital currency worth more than $ 23,000 to unlock the data.
A forensic examination shows that 48 of the 500 county servers were affected, Diorio said, adding that county government officials believe the hacker was unable to access individuals' health, credit card or social security information. . Without having unlocked the compromised servers, the county will have to rebuild significant parts of the system using the backup data.
Drew reported from Raleigh, North Carolina.
Follow Drew on Twitter at www.twitter.com/JonathanLDrew.