CHARLOTTE, NC (FOX 46 WJZY) — During the Hack Attack series, we’ve told you what it cost the county and what it took to rebuild 48 servers that were infected in December and held hostage for $23,000 dollars in ransom. But the big question still remains: Why Mecklenburg County? In part three of the Hack Attack, we investigate why our local government was targeted and who was behind the hack attack.
County Officials say the attack came from Iran or Ukraine. Once the servers were rebuilt from back up data, they did not waste resources pursuing the cyber criminals.
“More times than not… these cases are spray and prey,” says Chris Pierson, the CEO and Founder of Binary Sun Cyber Risk Advisors. According to the 2017 Data Breach Investigations report, hackers go after governments and healthcare enterprises almost as often as they do banks and financial sectors. They may not directly steal money in every cyber-attack, but they hold information hostage until they get paid.
“The fact of the matter is that states, local governments are a little further behind on cyber security,” said Pierson. “They happen so fast that you have to have many more people behind the controls and people behind the scenes.”
Ebenezer Gujjarlapudi, Director of Land Use and Environment Agency, was behind his computer when he noticed something was wrong with the county servers back in December.
“We do have system hiccups,” said Gujjarlapudi. “So December 5th was no different in that as we began the day we thought it was just a system hiccup.”
A hiccup turned into the hack attack where almost 50 Mecklenburg County servers were infected and held for ransom. “I would not say we did everything 100% perfect because it was a crisis and we had to have a crisis response,” says Peggy Eagan, Director of DSS.
When we asked the Mecklenburg county Manager why servers were targeted, Dena Diorio said, “I don’t think we were targeted. I think they just go after systems.” But cyber risk advisors say sometimes hackers see local governments as an easy target.
The county continues to patch and repair after the hack attack. Diorio says: “I don’t think you can ever say it will never happen again, but collectively this organization pulled together and I think we are stronger as a team then we were before.”