Ransomware Shut Down a Whole North Carolina County

The skyline of downtown Charlotte, N.C. Photo: AP
The skyline of downtown Charlotte, N.C. Photo: AP

Hackers were able to lock down several servers of a county government in North Carolina with ransomware this week, locking local officials out of computer systems that manage inmate populations, child support, and other social services. But despite the outages, the county isn’t planning to pay the $23,000 ransom demanded by the hackers.

“I am confident that our backup data is secure and we have the resources to fix this situation ourselves,” Mecklenburg County manager Dena R. Diorio said in a statement on Wednesday. “It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible.”

Mecklenburg County, which includes the city of Charlotte and surrounding areas, was hit on Monday with ransomware and has been struggling to get its systems back online ever since. In the meantime, county officials have been forced to revert to paper systems.


Population numbers for Mecklenburg County jails are expected to rise, the county said on its website, because the inmate releases have to be handled manually and the entire process is significantly slowed down. Calls to a domestic violence hotline are only able to go to voicemail, the AP reported, so counselors have resorted to regularly checking the messages and trying to get back in contact with callers. The local tax office is also struggling to process payments.

But despite all the disruptions, the county “remains open for business,” its site says.

“It was going to take almost as long to fix the system after paying the ransom as it does to fix it ourselves,” Diorio said. “And there was no guarantee that paying the criminals was a sure fix.”



Kate Conger is a senior reporter at Gizmodo.

Share This Story

Get our newsletter


The City’s CIO needs to be fired, along with whomever was tasked with ensuring the City has a good backup and disaster recovery plan.

In this day and age of cheap and ubiquitous access to cloud computing, there is ZERO REASON to not have some method of rolling to failover servers in a matter of hours. Every single server should have a failover device that can be brought up and integrated in short order. Backups should be taken in 6-hour increments at most — more frequently if the server is operationally critical.

You should be able to have your entire datacenter burn down to the ground — total loss with 0% recoverable data and hardware — and have operations restored within a day at most, with critical operations recovered in a few hours.