Charlotte’s County Refuses to Pay Hackers $23,000

A new strain of ransomware called LockCrypt, possibly from from Iran or Ukraine, disables some government computers in Mecklenburg County, N.C. Officials will rebuild its files from backups.

Cyber criminals took a second swing at Mecklenburg County, N.C., government on Thursday after officials rejected a demand for money after a ransomware attack, the Charlotte Observer reports. The follow-up attempts to hold the county hostage over illegally encrypted data came just hours after County Manager Dena Diorio said she’d decided against paying a hacker ransom. Instead of agreeing to pay criminals, she said  the county will rebuild its system applications and restore files and data from backups.

As the county’s IT staff worked to recover from the first cyberattack, Diorio said, they discovered more attempts to compromise computers and data on Thursday. The county blocked employees from being able to open attachments generated by DropBox and Google Document. “The best advice for now is to limit your use of emails containing attachments, and try to conduct as much business as possible by phone or in person,” she said. The county learned of the problem this week after an employee opened a malicious “phishing” email and accessed an attached file that unleashed a widespread problem inside the county’s network of computers and information technology. Information was encrypted or locked, keeping employees at the county from accessing operating systems and files. The person or people responsible for the infiltration then demanded the county pay two bitcoins, or about $23,000, in exchange for a release of the locked data. The county refused to pay. Experts attributed the attack to a new strain of ransomware called LockCrypt originated from Iran or Ukraine.