North Carolina Police systems infected with ransomware again. Will they pay another ransom?

The number of ransomware attacks reported each month around the world keeps growing and, according to network security specialists, this trend has a very simple explanation. Most victims of encryption malware are unaware of how to mitigate such attacks, and sometimes they do not have a backup of the compromised information, so they have no choice but to pay the hackers to recover their data, which only contributes to the financing of future malicious campaigns.

One of the worst possible scenarios is to become a recurring victim of attackers, either because of the constant development of malware or because we simply haven’t learned our lesson. This is the case for officials from Lincoln County, North Carolina, who have reported the second case of ransomware infection in just two weeks.

According to the state network security experts, the first incident was detected on July 26. The mayor’s office reported that threat actors infected county networks, blocking access to employees’ computers through encryption, as well as taking control of Lincoln’s website.

The second incident occurred last Tuesday night and had a greater impact than the first attack, crippling communications throughout the county, as well as some computer systems used by the North Carolina Police. Authorities say the perpetrators have not contacted them to demand a ransom so far.

“This couple of incidents has put a lot of things in perspective for us, mainly on the measures we need to take to make our IT systems as secure as possible,” said Roy Cooper, North Carolina Governor.

Unfortunately, this is not the only incident that the state’s team of network security experts has recently reported. A few weeks ago, it was reported that the computer systems in Anson and Concord counties were under attack. “Becoming a victim of ransomware is so easy that you just need to click on a pop-up window or interact with a malicious email,” the experts added.

This was exactly what happened in the late 2017 ransomware incident in Mecklenburg County. A public employee received an email with a malicious attachment that he downloaded to his computer, leaving the door open for hackers to enter county networks. On that occasion, the ransomware encrypted 48 servers, stopping multiple public systems.

The hackers demanded a ransom of more than $20k USD to restore access to locked servers. “It has to be said that it will take several days to address the inconveniences,” the then mayor of the county said. Mecklenburg officials decided not to pay the hackers and to implement their own measures to regain access to the compromised information.

Network security experts from the International Institute of Cyber Security (IICS) have reported multiple similar incidents against other county IT systems in states including Florida, Louisiana and New York, among others. Hackers’ interest in attacking public organizations seems to grow as new variants of encryption malware are developed and, if that were not enough, attackers are not concerned about attracting attention by infecting law enforcement networks in various U.S. territories.