Deputies processed arrests by hand and building code officers used paper records Wednesday as one of North Carolina's largest counties considered how to respond to a hacker who froze county servers and is demanding ransom. A $25,000 ransom in bit coin was being sought for the files being held.
Diorio said Mecklenburg County officials are considering paying the ransom but are also evaluating how much it would cost to decrypt the files themselves. The employee clicked on an attachment, which copied a malicious program - called "LockCrypt" - onto his or her computer, then onto a chain of county servers.
In a news release, County Manager Dena Diorio said the regional government is confident its backups are secure, and it has the resources needed to restore the data.
"We don't believe we were targeted", Diorio said. If so, the county may be able to access the files quickly.
Mecklenburg County, which is home to more than 1 million residents and includes Charlotte, the state's most populous city, has had contact with Gov. Roy Cooper's office, the FBI, Secret Service, Department of Homeland Security and with companies including Bank of America, which is headquartered in Charlotte. The city released a statement Wednesday that its separate computer systems have not been affected and that it has severed direct connections to county computers.
But Flowers Grube said the problems don't extend to processing emergency calls, which is handled by the city of Charlotte.
County officials said this is a "new strain" of ransomware and are calling this situation "patient zero".
The Department of Social Services is asking customers to confirm transportation scheduling. The episode, he said, is really about the county's ability to recover data after disasters, whether a cyber-attack or a fire. Diorio said departments including the code enforcement office were using paper records.
Vice Chair Jim Puckett said that the hackers are likely to comply because it makes them look more credible in future attacks.
Earlier, Diorio said there was no indication any data had been lost or personal information compromised.
County information technology director Keith Gregg says the attack infected about 48 of the county's 500 servers - up from the original 30 estimated on Tuesday. But without getting the compromised servers unlocked, the county will have to rebuild significant parts of the system. "It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible".
Federal and local authorities were not involved in the investigation Tuesday night. He said it's because some messages are well disguised and employees open them up. He said local governments are "easy targets" due to their older equipment and software.
Diorio says the county is working with its outside cybersecurity contractor and has consulted with experts at places like the Federal Bureau of Investigation and Bank of America.
"They want people to know if you pay them, they will give it back", Puckett said.