July 25. The Town of Cornelius is thanking the NC Local Government Information Systems Agency, Charlotte-Mecklenburg Emergency Management, City of Charlotte Information Technology Department, DHS, NC National Guard and the FBI, for helping scan the Town’s network for malware.

But the task still isn’t over; in a press release issued last night almost two weeks after the cyberattack began, the Town said it expects to return fully to “regular operation in the coming weeks.”

Indeed, delays to non-emergency services may still occur.

Background

On July 10, a Cornelius Police officer unknowingly interacted with a virus while working on an investigation.

On July 11, the Department of Homeland Security alerted Town Staff to unusual activity within our network.

Last week, a private cybersecurity forensic firm was brought in.

Malware is any software used to gain unauthorized access to IT systems in order to steal data, disrupt system services or damage IT networks in any way. Ransomware is a type of malware identified by specified data or systems being held captive by attackers until a form of payment or ransom is provided.

Ransomware?

The town initially reported it was ransomware “due to its nature and behavior, though we now know instead that it was malware.”

Regardless of what it’s called, none of the town’s servers were compromised, no data was compromised and the incident was isolated to one personal computer, according to a press release from the town.

The phone system was breached making hand-written messages necessary. The Boxcast (live transmission) of last week’s Town Board meeting also failed.

But the Town’s TechOps Department is currently in the process of restoring data to the main servers from backup servers. This process will prioritize data that aids Town emergency services.