Orange County, N.C., recovering from ransomware attack

The county of about 145,000 residents made relatively speedy progress bringing systems back online and did not pay the ransom, the county's CIO said.
Old Well at UNC-CH
Orange County, N.C. is home to the University of North Carolina-Chapel Hill. (Getty Images)

Information technology officials in Orange County, North Carolina, have been working since Monday morning to undo the effects of a ransomware attack that wormed its way through government systems. And nearly 36 hours after the attack was detected, most public-facing systems have been restored, county Chief Information Officer Jim Northrup told StateScoop.

Northrup said county leaders were notified of the attack at about 6 a.m. Monday after it encrypted public and internal government computer systems serving the county of about 145,000 residents, including wireless internet access in government buildings, computers at the public library, the reservation system for recreational facilities and housing vouchers. Email services for county employees were also shut down for nearly 24 hours.

But Northrup said most of the affected systems are now up and running, which he credited to a team of 17 IT employees “working nonstop” alongside outside contractors and representatives of the state and federal government. County employee email came back online Tuesday morning, he said, while many of the public-facing systems have resumed operations. The county library reported regaining internet access late Tuesday morning.

The county recorder of deeds, which processes real-estate closings, marriage licenses and other major transactions, is still offline, though Northrup attributed that to the recorder’s office’s place in the queue.


There’s no reason for it, it’s just luck of the draw we didn’t get to them,” he said.

While the most visible impacts of the ransomware attack have largely been dealt with, Northrup added that the county will be dealing with the aftereffects “for days and weeks,” particularly as it cleans up network drives to avoid a second infection.

“We are still researching and doing forensics,” he said. “I can tell you we are in a lot better shape than we were yesterday at 6 in the morning than when we were first notified.”

Northrup also declined to identify the name or potential origin of the ransomware virus that struck his county, but he said the county did not pay up. Other local governments have paid, including rural Jackson County, Georgia, where officials earlier this month paid $400,000 to regain access to their computer systems after being hit with the Ryuk virus, which cybersecurity researchers believe originated somewhere in Eastern Europe.

While Orange County, which is also home to the University of North Carolina-Chapel Hill, is still investigating the source of its attacker, Northrup attributed the county’s relative quick return to operations to having good threat detection measures in place.


We’ve had this type of threat happen over the past five or six years at least three or four times,” he said. “We were able to do early detection and got lucky. This case was a little different.”

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts