LockCrypt ransomware infects 48 Servers of Mecklenburg County

Servers of North Carolina county are compromised

LockCrypt ransomware has stopped the activity of North Carolina County including tax and child support payments, jail and other services^[1]. Experts report that 48 out of 500 servers are infected with a file-encrypting virus which blocks access to the data stored there.

Hackers left the ransom note which claims that the amount of the demanded money depends on how fast the authorities contact the criminals. However, the final amount of the ransom was approximately $23 000^[2].

The fragment of the LockCrypt ransom note, ReadMe.txt file^[3]:

All your files have been encrypted due to the security problem with your PC.
If you want to restore them, write us to the e-mail support: enigmax_x@aol.com or enigmax_x@bitmessage.ch
You have to pay in Bitcoins, and the price depends on how fast you write to us.

Attackers set the deadline at 1 p.m. on Wednesday. Luckily, the county manager, Dena Diorio, reassured that North Carolina is not going to pay the ransom:

It was going to take almost as long to fix the system after paying the ransom as it does to fix it ourselves and there was no guarantee that paying the criminals was a sure fix.

Instead, Mecklenburg county decided to put their servers into quarantine and try to recover data from backups^[4]. Yet, the restoring procedure is time-consuming. Likewise, the citizens and relevant authorities are forced to get back to pen and paper payments.

Employee opened a spam email and infiltrated ransomware

According to the experts, an employee opened an email which was sent from another co-worker's account. Apparently, it was merely an attempt to trick the person to click on the malicious attachment which was appended to the letter. Once it was opened, the ransomware download began, and the servers of North Carolina county were compromised with LockCrypt.

On December 7, the manager of the county reported that the criminals tried multiple other attacks on their systems after they refused to pay the ransom. Likewise, the employees were informed about the possible threats which might hide inside the email attachments.

Tips to protect your systems from ransomware attacks

The senior director at CyberSeason, Ross Rustici, has told the press that small counties and their governments are common targets by hackers since their equipment might be more vulnerable to ransomware attacks^[5]. Due to the fact that data recovery takes days rather than hours, it might be expensive, and the authorities might end up paying the ransom.

However, it might only encourage the criminals to continue their malicious activities. Lack of cybersecurity and IT knowledge of North Carolina government's employees forced the county to suffer from substantial financial losses. Therefore, you should be aware of the following precautionary measure which might save your company from ransomware attack:

• Always use a professional security software to scan your computers for possible threats;
• Update OS and antivirus applications regularly to eliminate system vulnerabilities which might be exploited.
• Scan all files you attempt to download with a robust anti-malware program beforehand;
• Never open suspicious emails which urge to open the attachment or click on a dubious link.