Ransomware Attacker Demands $23K from Mecklenburg County | Tripwire

Ransomware Attacker Demands $23K from Mecklenburg County

Posted on December 6, 2017
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
A criminal who infected the computer systems of Mecklenburg County with ransomware has demanded a ransom payment of $23,000 for the decryption key. On 5 December, the government for Mecklenburg County, North Carolina informed its Twitter followers that it was "experiencing a computer-system outage." https://twitter.com/MeckCounty/status/938103236778708993 In a statement posted to the County's website, government officials explain the impact of the incident:
"... [A]ll County-wide Information Technology Services (ITS) systems will be shut down until further notice. This will affect email, printing and other County applications, including the ability to conduct business at most County offices. At this time, there is no Estimated Time of Recovery (ETR) available. Each County department is activating its Continuity Of Operations Plan, which is designed to address situations like this. If you are planning to go to a County office to conduct business, please contact the office prior to going to ensure you can be served."
Mecklenburg County doesn't go into further detail about what happened. Local news outlets do, however. According to the Charlotte Observer, the County suffered a ransomware attack when an employee opened a malicious email attachment. The unknown ransomware subsequently encrypted the County's files. International Business Times reports that the attachment also loaded a crypto-mining program designed to consume the County's collective network CPU to mine for Bitcoin. Officials have until 13:00 Wednesday to meet the attacker's demands of $23,000 for the decryption key. County Manage Dena Diorio says she's still deciding whether to fulfill that command. She told the Charlotte Observer it's a tough choice that involves many elements of uncertainty:
"If you pay the bitcoin, there is always a risk they won’t give you the encryption key. And they could go back for more (money). We need to determine how much it would cost (to pay) versus fixing it on our own. There are a lot of places that pay because it’s cheaper."
As of this writing, the Mecklenburg County is working with third-party experts to figure out what to do. Several of its departments are attempting to switch to paper in the meantime so that they can continue to do business. Diorio doesn't think the County was targeted specifically, which points to the reality that ransomware threatens all organizations and users. It's essential, therefore, that companies invest in security controls such as data backups. To learn more about data restoration and other fundamental security measures, click here. News of this attack comes close to a year after a county located in Ohio suspended its IT system following a ransomware attack that affected computers inside its government center.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!