Cybercriminals targeted the Mecklenburg County government a second time on Thursday after officials rejected a demand for money following a ransomware attack.
Follow-up attempts to hold the county's illegally encrypted data hostage came a few hours after County Manager Dena Diorio announced she had decided not to pay the hackers' ransom. Instead of agreeing to pay the offenders, she said Wednesday, the county will rebuild its system applications and restore files and data from backups.
But on Thursday afternoon, the hackers tried to attack again.
Diorio sent an email to staff members saying: "I have a new warning for employees."
As county computer staff worked to recover from the first cyber attack, Diorio said they discovered more attempts to compromise computers and data on Thursday.
"To limit the possibility of a new infection, ITS is deactivating the ability of employees to open attachments generated by DropBox and Google Documents," she wrote in an email. "The best advice at the moment is to limit the use of emails that contain attachments, and try to make as many business deals as possible by phone or in person."
She described the aftermath of the ransomware attack as a "crisis" and assured employees that they should not feel personally responsible for the incident.
The county learned of the problem earlier this week after an employee opened a malicious "phishing" email and accessed an attachment that triggered a widespread problem within the county's computer network and information technology systems.
The intention of that ransomware attack was essentially to access as many county government files and data servers as possible. Then, the information was encrypted or blocked, preventing county employees from accessing operating systems and files. The person or persons responsible for the infiltration demanded that the county pay two bitcoins, or about $23,000, in exchange for a release of the blocked data. The county refused to pay.
County officials say they anticipate that recovery of Mecklenburg County government operations will take days.
"We are open to the public and we are slow, but there is no indication of loss of data or that personal information was compromised," said Diorio.
Diorio said third-party security experts believe that the attack earlier this week by a new strain of ransomware called LockCrypt originated in Iran or Ukraine. Forty-eight of the county's nearly 500 computer servers were affected.
Hack is a 'wake-up call'
During a press conference on Wednesday, county officials said the cyber attack is still under investigation, but Diorio said she does not believe the county was specifically targeted for any particular reason. Instead, she and others said that the intention seemed to be a crime for possible financial gain.
A "worm" that originated from the ransomware attack in Mecklenburg County attempted to invade the computer system of the city of Charlotte, Commissioner Matthew Ridenhour said he was told.
"When this tried to make the jump to the city, its intrusion detection systems detected it," he said.
County commissioners were informed of the incident on Tuesday, before a regularly scheduled board meeting.
Commissioner Jim Puckett said he believes Diorio has handled the situation well. After consulting with cybersecurity experts, the county discovered that there would be no quick way to recover from ransomware, even if officials paid money to recover the data, Puckett said.
Now, he said, there is work ahead to discover why the county systems were vulnerable to a ransomware attack.
"I certainly hope that the manager and the staff come back and look and see what they could have done better," Puckett said Thursday. "It's almost not a question of 'if' - it's a question of 'when.' Bad guys are almost always one step ahead, but we have to make sure that we're not three steps away."
The aftermath of the cyberattack has been a "fluid situation," said Commissioner Pat Cotham, who called the hacking incident a "wake-up call" and said Mecklenburg County needs to take a closer look at its security systems.
Cotham said the county, other nearby local governments and the Charlotte-Mecklenburg schools could benefit from a joint discussion and action plan to address cybersecurity.