Officials in Mecklenburg County, North Carolina, refuse to pay hackers $ 23,000 in ransom for the return of government records, despite the fact that the cyber attack has virtually halted most of the services local government.
County manager Dena Diorio said Wednesday that officials made the decision after consulting with cybersecurity experts, who cautioned against negotiating with hackers. Instead, Diorio said the county will begin the long and slow process of restoring its files from backup copies.
"I am confident that our backup data is safe and we have the resources to solve this situation ourselves," said Diorio in a press release. "It will take time, but with patience and hard work, all our systems will work again as soon as possible."
The ransomware attack began on Monday, when a county clerk opened an attachment that gave criminals access to government archives, according to WCBC, affiliated with NBC. Diorio said the county has hired a third-party security firm to help manage the negotiations and that the hackers demanded two bitcoins, valued at $ 23,000, as payment in exchange for the files.
Related: & # 39; MalwareTech & # 39 ;, hero who stopped the ransomware attack, pleads not guilty to computer fraud
"Those responsible are Iran or Ukraine," he said to WCNC. "The county has 500 servers, and from now on we know that 48 have been done."
Since the attack, local government activities have slowed at a snail's pace: the police department has to manually process the records, the domestic violence hotline in the country goes to voicemail and even marriage licenses they can not be processed.
Diorio warned that it could take days for the systems to be online again. But according to Tod Beardsley, research director of the cybersecurity company Rapid7, county officials are doing everything right when it comes to handling a ransomware attack.
"Bitcoin is a dream come true for cybercriminals," he said. "It makes sending money internationally very easy and very opaque."
Interrupting that industry means cutting off its funding, and Beardsley said that's why he advises his clients never to pay the ransom.
Related: North Korea already has a devastating weapon: cyber attacks
"You do not know if you are going to recover the compromised data and you do not really know who you are paying," he said. "There's a bit of a delay when you start from the backup, but it's a million times better than paying the ransom."
Mecklenburg County is the last local government to fall victim to a ransomware attack. Last November, Lansing Board of Water & Light of Detroit paid $ 25,000 in ransom to unlock its communications system and, in May, the global ransomware attack called infected "WannaCry" computers around the world attacking a vulnerability in the operating system Microsoft Windows.
Beardsley said that most ransomware attacks depend on an unsuspecting user opening a corrupt file, usually sent as an email attachment, that introduces the virus into the system.
Encourage customers to think of cyber attacks in the same way that they would face a natural disaster: you can not predict when it will happen, but there is a plan in case it happens.
"Think of it like you had a fire in your office or had to rebuild after a hurricane," he said. "You have to treat cyber attacks like any other kind of disaster, and then plan."