Mecklenburg County held to Ransom following Cyberattack

It has been reported that a cyberattack slowed county government to a crawl Wednesday in North Carolina’s most populous metro area as deputies processed jail inmates by hand, the tax office turned away electronic payments and building code inspectors switched to paper records.

Data was frozen on dozens of Mecklenburg County servers after one of its employees opened an email attachment carrying malicious software earlier this week.

Commenting on this news is Eyal Benishti, CEO and Founder of IRONSCALES:

“While some suggest that Mecklenburg County’s refusal, so far, to meet its attackers’ demands is heroic, it’s actually very sensible. The reality is that, in this situation, there’s no guarantee that the hackers would restore its systems and, in fact, there have been instances previously where, having paid the ransom, the captors have then increased the demands further.

“In the case of LockCrypt, the malware that has been suggested as responsible for encrypting the council’s files, decryption without a unique key is very difficult and perhaps even impossible. The one positive is that Mecklenburg’s data was backed up, so restoring its compromised systems should be possible, but it is not always straightforward. Several ransomware versions have the ability to also encrypt backups; hopefully this won’t be the case in this instance.

“Hindsight is always a good thing, so the county employee who unknowingly opened the email attachment will exercise caution in the future. However, expecting employees not to fall for these messages isn’t enough. This case proves again that this is both a human and machine problem and requires a human and machine solution. Employees need to be aware of the dangers lurking in their inbox and have better tools to help them make quick decisions and flag suspicious packages, supported with automated technology that reacts to these reports, assesses the danger and removes malicious messages from other mailboxes in real time, to help protect the entire network.

“We must employ machine learning algorithms at the mailbox-level to continuously study every employee’s inbox to detect anomalies and communication habits based on a sophisticated user behavioural analysis. Integrate automatic smart real-time email scanning into multi anti-virus and sandbox solutions so forensics can be performed on any suspicious emails either detected or reported. The final element is to allow for quick reporting via an augmented email experience, thus helping the user make better decisions.”