N.C. county rejects hackers' $26K ransom demand to unlock infected computers

Doug Stanglin | USA TODAY

Officials in North Carolina's Mecklenburg County have rejected ransom demands of hackers who wanted more than $25,000 to unlock dozens of files they encrypted on county servers.

"I am confident that our backup data is secure and we have the resources to fix this situation ourselves," county manager Dena Diorio said in a statement Wednesday. "It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible."

The hackers, believed to be from either Iran or Ukraine, gave Mecklenburg County officials a 1 p.m. Wednesday deadline to pay a ransom of 2 Bitcoin, or some $26,000.

The ransomware known as LockCrypt affected 48 of 500 serves and knocked out or slowed online services from a number of county offices. Mecklenburg, which includes the city of Charlotte, is North Carolina's most populous county.

Most of the county's data was routinely backed up and could be recovered, although it would take "days not hours," Diorio said.

LockCrypt has been used in recent months to infect computers in companies in the U.S., United Kingdom, South Africa, India and the Philippines, according to bleepingcomputer.com. Victims have paid $3,500 to $7,000 in ransom per machine, it reported.

The ransomware was introduced to Mecklenburg's servers Tuesday through an email attachment sent to a county employee.