WRAL Investigates

Chatham officials didn't pay ransom but still face hefty price from hack

Posted February 15, 2021 5:20 p.m. EST
Updated February 15, 2021 8:53 p.m. EST

— Chatham County government is still recovering from a cyber attack nearly four months ago.

A hacker locked down county computer systems on Oct. 28 in a ransomware attack designed to extort money from the county. Officials didn't pay the ransom but are still paying a hefty price for the hack.

"We’re seeing educational institutions, religious institutions and governments specifically being targeted by these ransomware criminals," Attorney General Josh Stein said Monday. "The criminals know that they don't have the same resources as big banks or large corporations do. So, perhaps these systems are more vulnerable."

Chatham County Manager Dan LaMontagne gave an update to county commissioners Monday night on the attack and the recovery process.

The ransomware code got into the county's computer network through a "phishing" email with a malicious attachment, officials said. In a phishing scheme, hackers send an email to users of a specific network – county employees in this case – and when a single recipient of the email clicks to open the attachment, the hackers have a window into that network.

The hack caused the county to lose use of computers, internet access, office phones and voicemail. The county also had to wipe and re-image servers and more than 550 individual staff computers, and the process of restoring everything isn't yet finished.

Some of the stolen data was posted on the internet.

Chatham County is concerned about any sensitive files that were posted online as a result of the cyber incident," LaMontagne said in a statement. "Our staff has been engaged with the NC Department of Health and Human Services and the NC Attorney General’s Office to ensure we meet the notification/reporting requirements as it relates to disclosures of a breach of protected health information and/or personally identifiable information data.”

Officials are trying to determine what information was put online, and they plan to contact each affected person as they are identified.

"Government has all kinds of information that's really critical to you and me, a lot of our personal information," Stein said. "It's imperative that they train their staff, that they update their software."

Chatham County has a cyber insurance policy to offset the cost of hacks, and officials say they believe the policy will cover "the bulk of the direct costs associated with this incident."

"We are evaluating and implementing additional security measures and reinforcing employee training," LaMontagne said.

Our commenting policy has changed. If you would like to comment, please share on social media using the icons below and comment there.