Meck County leaders say 27 servers restored after hacking attack

CHARLOTTE, N.C. — Mecklenburg County leaders provided an update Wednesday afternoon regarding a hacking attack on the county's servers that caused a massive outage.

[Channel 9's full coverage of the ransomware attack]

Hackers breached the county’s servers last week and held files for ransom.

The cybercriminals, believed to be from Ukraine or Iran, froze 48 of the county’s 500 servers.

On Tuesday, county officials said 27 of the affected servers have been restored and that they are making progress.

Mecklenburg County Manager Dena Diorio said a county employee opened an email they shouldn’t have, which helped the hackers infiltrate the system. The ransomware used during the attack is a new computer virus strain called LockCrypt.

The hackers demanded two bitcoin, which equaled about $25,000 at the time, in exchange for the files. Mecklenburg County leaders refused to pay the demand, and instead, they decided to use backup data available prior to the hack to rebuild applications from scratch.

Diorio said there is no evidence that personal, customer or employee information or data was compromised.

The attack affected email, printing and other county applications, including the ability to conduct business at most county offices. Employees were forced to work on paper instead of electronically for some services

[READ: Ransom email from hacker to Mecklenburg County]

The attack and massive rebuilding efforts caught county commissioners like Vilma Leake by surprise.

“I never thought I would sit on a board that is being held hostage and we could not support the people we represent,” Leake said. “I am out here representing the most powerful district we have, and we are at the mercy of crooks.”

Diorio said she hopes that IT workers will have everything back up and running by the end of the year.

While it’s a big task, Keith Gregg, Mecklenburg County’s chief information officer, said county officials are being praised.

“Law enforcement actually approached me and actually thanked really me and Mecklenburg County for the stance against cybercrimes,” Gregg said.

Officials said all county employees were forced to change their passwords in the wake of the attack.

County leaders said that in the next budget cycle, commissioners will need to invest more in cyber safety. They added that they’re continuing to do forensic analysis to ensure that no data was leaked.

Read more top trending stories on