There are only a couple of hours until 1 p.m. On Monday, a county employee received a phishing email and inadvertently opened an attachment that contained spyware and an attachment. worm in the county computer system.
The county has not released the phishing email. But Mecklenburg County spokesman Danny Diehl said Wednesday that the email seemed to have been routed from the email address of another county clerk, making it look like regular employee-to-employee communication.
Mecklenburg Commissioner Matthew Ridenhour said he had seen a copy of the phishing email.
He said that the email contained a text file. After it was opened by mistake, the file said that the county files were being encrypted. He gave the county an email address and instructions on how to pay the ransom.
"The lawsuit was filed in that file," Ridenhour said.
Ridenhour said the county regularly backs up his data and may have backed up his data recently over the weekend. So, if the county does not pay the ransom, it could still recreate almost all of its data.
The county has said that personal information, such as Social Security numbers and health information, is at risk.
Ridenhour said the attack does not appear to be aimed at collecting information. "These types of attacks do not seek to steal social security numbers," he said. "They want to close their files and receive payments and move out of town."
The county plans to give the public a detailed list of county services that have been affected by the worm, manager Dena Diorio said Tuesday. paralyzed "the county."
After county servers froze on Tuesday, Diehl said the hacker contacted the county, which demanded $ 23,000 in bitcoin in exchange for an encryption key that would free the files. the county will not divulge the email because it is an ongoing criminal investigation.
Diorio said the county is working with a third-party technology company to decide what to do. She said she is willing to pay the ransom, but that paying for it would present a number of problems, including the reward to hackers.
"If you pay for bitcoin, there is always a risk that you will not get the encryption key," he said. "And they could go back." for more (money). "
Diorio said that the decision on whether to pay would be made by her, and not necessarily by the county commissioners.
" We need to determine how much it would cost (pay) versus set "on our own," he said. "There are many places that pay because it's cheaper."  More than 50 cases of data breaches that originated in North Carolina public agencies, including city and county government offices, were reported to the state Attorney General between January and September. 2010 and December 2016, based on information provided to the Charlotte Observer earlier this year in response to a request for records.
The data shows that most reported data infractions were not caused by external hacking or ransomware. It was discovered that less than 1 percent of those reported during the 2010-2016 period were infractions caused by malicious software or hackers.
Most of the data breaches reported by government agencies were cases of stolen laptops, employees who share personal data by mistake with unauthorized persons and confidential documents lost by mail.
Reporting observer Anna Douglas contributed