Services in North Carolina town unavailable after ransomware attack

Residents of Cornelius, North Carolina, are dealing with delayed or unavailable services after a ransomware attack earlier this week.

The town has a population of about 32,000 people and is a prominent suburb of Charlotte located on Lake Norman. Government officials said on the evening of July 11, they discovered a cybersecurity incident later determined to be a ransomware attack.

“The Technology Operations (TechOps) Department immediately severed on-site technology from the network in order to contain the threat and prevent its spread,” the town government said.

“TechOps is working with the North Carolina Local Government Information Systems Association (NCLGISA) and Mecklenburg County Emergency Management to scan and clean all affected devices before the Town returns to normal operations.”

They added that “some services provided by the Town may be temporarily unavailable or delayed” as they work to restore systems.

MaeLynn Joyner, communications manager for Cornelius, told Recorded Future News that all on-site technology has been disconnected from their network.

“Services most affected will be those delivered over the phone or those requiring staff to access files located on our servers, which are in the process of being scanned,” she said. “Emergency services, like 911, are still available.”

But on Twitter, Cornelius Police Department said the main phone line to the police department is down because of the attack. They provided alternate phone numbers for those in need of the police.

Joyner declined to say what ransomware group launched the attack or whether a ransom would be paid.

Last year, North Carolina became the first U.S. state to ban all government entities from paying ransoms associated with ransomware attacks — a controversial measure several cybersecurity experts have questioned.

When the law was passed last year, some worried that it would effectively serve as an additional way for ransomware gangs to extort victims, allowing them to threaten organizations with not only the leak of stolen data but also with unverified claims of being paid a ransom in violation of state law.

Other experts wondered whether ransomware groups would specifically go after government organizations in North Carolina as a de facto warning to other states not to pass similar bans.

Local governments across the U.S. continue to be ripe targets for ransomware groups, with cities and towns in dozens of states affected on a weekly basis.