CHARLOTTE, NC (FOX 46 WJZY) - In a three-part series FOX 46 Charlotte is following the Mecklenburg County hack attack where 48 servers were infected and held at ransom. In the first part of the series, our Lauren Dugan is finding out just what the December 2017 hack attack cost the county.
County officials are estimating the cost for cyber consultants and employee overtime will be in the $10,000 range. Mecklenburg County Manager Dena Diorio tells FOX 46 Charlotte the budget is set for 2018 and programs will not be cut this year to make up for the unexpected cost of the hack attack.
There is a reserve fund they will pull from that is saved for emergencies like the hack attack. Diorio says the county also plans to speed up I.T. projects before the end of June and present those to the Board of County Commissioners in a couple weeks.
On December 5, 2017, a Mecklenburg County employee clicked on an email, opening the door to a hack.
“On the day that it happened all of our services were down,” says Peggy Eagan, Director of the Department of Social Services. “And we heard very quickly from the county manager that we had a major attack.”
A phishing email infected 48 Mecklenburg County computer servers. International hackers held the servers for ransom.
“It might look like it comes from someone in your company,” says Christopher Pierson, CEO and Founder of Binary Sun Cyber Risk Advisors. “You interact with it and then if your computer is vulnerable, then you have unleashed that threat on your computer and all other connected computers.”
Hackers left behind a ransom note that says in part, “Your files have been encrypted,” “you have to pay for the encryption in bitcoins,” and “after payment we will send you the decryption tool to decrypt your files.”
The hackers demanded pay in two bitcoin totaling $23,000 dollars. Cyber risk advisors like Pierson say bitcoin has allowed hackers to remain untraceable.
“They can be paid 100% anonymously,” says Pierson, “and gain access to files without them being seized by governments or others without them having to say who they are.”
County Manager Dena Diorio says once they found out the county servers were being hacked and held for ransom, they took everything offline.
Departments like Social Services were limited in operations on the day of the hack attack. “We were not able to take food stamp applications,” says Eagan. “We were not able to process Medicaid applications and those are things that have a timeliness standard.”
Besides operations, there was a greater concern on the files at risk. “We have employee bank information, health information, social security numbers,” says Diorio. “That was the next critical step, making sure none of our data had been compromised.”
With a 24-hour deadline, Diorio says she sought advice from the FBI, Homeland Security, the secret service, and cyber consulting agencies.
Many agencies told the county not to pay the hackers because there was no guarantee the servers would be saved.
Diorio tells FOX 46 she did consider paying the ransom fee because the county wanted to “take the path of least resistance” and move on. Some cyber security advisors say paying the ransom fee may be the cheapest option, taking into account how much it would cost to rebuild servers or buy new servers.
Tuesday night at 10:00 p.m., FOX 46 Charlotte continues to dig deeper into this story, asking county officials what files were lost and how long it took to rebuild the infected servers.