Diorio said other hacker victims decide to pay because the ransom is cheaper than resolving the issue on their own. During a press conference scheduled at 2 p.m. Wednesday, county officials said they have not made a decision whether or not to pay the ransom but are planning on making a decision "by the end of the day".
"So while they've frozen the servers, they've not compromised the data and not stolen data, as far as we know at this point".
As of Wednesday morning, the hacker's identity and location were unknown.
Third-party experts retained by the county believe the ransomware is "a new strain" known as "LockCrypt", and "very little is known about it", the county manager said. "And there was no guarantee that paying the criminals was a sure fix", Diorio said in a statement.
According to the Associated Press, on Wednesday Diorio said departments including the code enforcement office were using paper records. "People are moving into houses, you've got houses closing".
Earlier in the day Tuesday, a Mecklenburg County source said the outage was "believed to be due to an external threat".
The computer shutdown has slowed many other county functions - like intakes at the county jail.
Tax Collector: The online tax payment system and change of address forms are working.
A couple county commissioners declined to talk about the attack, saying they don't fully understand the ins-and-outs of it. Commission Chair Ella Scarborough says she doesn't want the county to pay the ransom.
It all started with an email to a county employee that probably looked legitimate. The hackers demanded the $23,000 in Bitcoins as ransom, in exchange for providing the digital key.
She says credit card numbers aren't kept on a server.
Diorio says the county is working with its outside cybersecurity contractor and has consulted with experts at places like the Federal Bureau of Investigation and Bank of America.
Mecklenburg County Sheriff's Office spokeswoman Anjanette Flowers Grube said in an email that deputies are manually processing suspects who have been arrested because its computer system was affected.
"So at this point in time our backups seem to have been highly effective, but we're not racing to make our problems worse".
So why the odd $23,000 ransom?
Charlotte CIO Jeff Stovall said the city is always vigilant but has increased its monitoring of "any activities that are happening on our networks and on our devices", and sent out reminders to staff of the proper handling procedures for emails and attachments. Finally, someone has said enough is enough.
"The more real-time the business is, the more it depends on real-time information, access to information, the more likely the organization is to pay, because it's the fastest way to return to business as usual", Krebs said.
Ransomware being used in Mecklenburg County computers is new.