Government officials in North Carolina are working on the lengthy process of fixing a county's computer systems after refusing to pay off a hacker who used ransomware to freeze dozens of local government servers.
It will take days to restore Mecklenburg County's computer system, local officials said. Residents in North Carolina's most populous urban area face delays or disruptions to government services.
Law enforcement deputies were processing jail inmates by hand and building code inspectors had to switch to paper records after a county employee unwittingly unleashed the malicious software earlier this week by opening an email attachment.
County manager Dena Diorio said on Wednesday (6 December) that the county would not pay the $23,000 demanded by the hacker who is believed to be in Ukraine or Iran.
Diorio said it would have taken days to restore the county's computer system even if officials paid off the hacker. The decision not to pay will not significantly lengthen the timeframe of repairs, she said.
"I am confident that our backup data is secure and we have the resources to fix this situation ourselves," said Diorio.
Describing county services, she said: "We are slower, but we are up and running."
The county of more than one million residents includes the city of Charlotte but its administration appears not to have been compromised by the attack.
The state's largest conurbation said that its separate computer systems had not been hit and that it had severed direct connections to county computers. The computer problems have not affected the processing of emergency calls because they are handled by the city, said Mecklenburg County Sheriff's Office spokeswoman Anjanette Flowers Grube.
Such attacks are becoming more common — and more sophisticated. A security expert said he reads about a local government being targeted every couple of months.
A hacking attack in 2016 on San Francisco's mass transit system led its operators to allow free rides over part of a weekend because of data problems.
Ross Rustici, senior director of intelligence services at Cybereason, said local governments were "easy targets" because of their older equipment and software.
Paying the ransom can often be cheaper than other ways of recovering the data.
"Once you're in that situation, you really have no good option so a lot of people and companies end up paying," he said.
The North Carolina cyberattack has caused delays for the Mecklenburg County jail and disrupted other county services ranging from domestic violence counselling to tax collection.
Sheriff Irwin Carmichael said it was taking longer to manually process people who had been arrested as well as prisoners who were due to be released. Calls to a county domestic violence hotline are going straight to voicemail, so counsellors are checking messages every 15 minutes, officials told reporters.
The social services department is working to recreate its daily itinerary of 1,600 rides for elderly patients with medical appointments.
Meanwhile, payments to the tax office must be made with a cheque, cash or money order, and code inspectors have been slowed down by having to use paper records, according to a list of affected services.
Diorio said county computers began to suffer on Monday, the day before the attack was made public. A forensic examination showed that 48 of the county's 500 servers were affected, Diorio said.
She added that officials believed that the hacker was not able to gain access to the health, credit card or social security information of individuals.
The compromised servers have been quarantined and even potentially healthy parts of the system have been shut down to avoid spreading the malicious program, said Keith Gregg, the county's chief information officer. But without getting the compromised servers unlocked, the county will have to rebuild significant parts of the system.
Diorio said county technology officials will use backup data from before the ransomware attack to restore the system, but the rebuild would take "patience and hard work".