CHARLOTTE, NC (FOX 46 WJZY) — In a three-part series FOX 46 Charlotte is following the Mecklenburg County hack attack where 48 servers were infected and held at ransom. In the second part of the series, our Lauren Dugan asks county leaders and cyber security advisors what files were lost in the hack attack, and how long it took to rebuild.
County Manager Dena Diorio tells FOX 46 Charlotte it took six weeks to rebuild 48 infected servers from back-up data. They did not have to purchase any new servers, but wiped the existing ones clear.
Cyber risk advisors say the time to rebuild 48 serves over six weeks seems a little long, but the process of rebuilding after a cyber-attack all depends on the resources available.
Mecklenburg County has already taken steps towards preventing another hack, like disabling employees ability to open attachments in Google Docs or Drop Box.
“As soon as we got in that day we noticed something was not right,” said Frank Wirth, Property Tax Collection Supervisor. “It was a bigger problem than ever before.”
When Frank Wirth saw Mecklenburg County tax collection systems failing to function, an intentional hack was already underway.
“The fact that we were being held at ransom, it was the brave new world I guess,” says Peggy Eagan, Director of the Department of Social Services.
County officials say hackers from Iran or Ukraine compromised 48 servers on December 5, 2017, holding them hostage, and demanding $23,000 in a ransom note. With computer services shut down, County Manager Dena Diorio refused to pay up.
“We started to evaluate what was our ability to bring our servers back online?” says Diorio. “All of our I.T. staff worked night and day and had to rebuild each server individually, so it took a long time.”
It took six weeks to rebuild all 48 servers from the ground up, costing the county at least $10,000 dollars for cyber consultants and employee overtime, according to county officials.
Christopher Pierson, CEO & Founder of Binary Sun Cyber Risk Advisors, says the damage justifies the cost: “Do you have to go ahead and buy all new servers, do you have to split the environment and wipe half?”
Some county employees were without email for three weeks after the hack attack. The tax deadline was also approaching fast.
“We were up the week of Christmas,” says Wirth. “So with the tax deadline being January 5th we were up well within that time frame to allow anyone who had not paid the opportunity to pay.”
County Manager Dena Diorio says at this time all the servers are back online. Her team prioritized the rebuild based on departments with immediate needs, like Social Services and Taxes.
“The fact that we didn’t have a data breach is a blessing,” says Eagan.
According to County Officials the hackers were unable to get personal information, lake bank statements or social security numbers.
“We were fortunate in that the ones that hacked us were not the most sophisticated hackers,” says Diorio. “There are some that are a lot more insidious.”
When it comes to hack attacks, cyber security experts say the only protection is to plan for ransomware: “We have to make sure cybersecurity is built in our DNA of companies,” says Pierson. “So that it doesn’t shut down a county or major state or health enterprise.”
The big question still remains: Why Mecklenburg County? Tune in Wednesday night to FOX 46 News at 10 when we investigate why our local government was targeted and who was behind the hack attack.