The latest numbers from the state show ransomware attacks are up nearly 50 percent in North Carolina, with thousands of people victimized. The data was released as part of the state’s data breach report, with numbers from 2024, showing an increase from 843 incidents to 1,215. 

The report also noted that ransomware attacks “contributed to more than half of all data breaches reported in 2024.”

Other WRAL Top Stories

Ransomware involves hackers locking data from networks, making that data inaccessible to the owner, then demanding a payment to restore access.

Through a public records request, WRAL Investigates retrieved data from the state on which companies were victimized in the ransomware attacks. They included a wide range of targets from doctors’ offices to law firms to schools.

“It can impact any organization of any size across any vertical,” said Mark Lance, Senior VP of Incident Response and Threat Intelligence at GuidePoint Security. 

Lance has the unique job of negotiating one-on-one with the hackers, who are seeking ransom. He says the communications usually occur via web chat. 

“The most common way that victims are notified when they have been impacted is a ransom note on their computer system that says download this browser and go to this specific website, and that is where the interactions and communications would occur,” he explained. 

He said, in roughly 50 percent of his engagements, there is some sort of settlement made between the company and the hacker. 

He explained why he believes payments work in achieving what the companies want. 

“Ultimately [hackers] have a reputation that they need to uphold, similar to a typical organization,” he said. “These are large criminal organizations in most circumstances … [if hackers don’t follow the terms of the payment], that establishes a bad reputation where people are going to stop paying them. And at the end of the day, these organizations are built to monetize and make money.”

Sometimes, the ransomware attacks happen because an employee clicked a suspicious link, or there could be a gap in security at the company itself. 

WRAL Investigates asked the Attorney General’s Office what, if anything, the Attorney General is doing to help keep North Carolinians’ data safe. We have not yet heard back.

Lance said the cyber criminal groups are sophisticated.

“These are not just individuals sitting in their basements,” he said. “These are fully fledged cyber criminal groups that have structure. That have standard operating procedures. We see where they have financial analysts. They’ve got recruiting teams. They’ve got support teams…these are fully fledged organizations, they just happen to be criminal.”

Lance says awareness is the most important thing to combat being a victim.

On Tuesday at 6 p.m., WRAL Investigates speaks with an IT expert about the red flags you should look out for to prevent yourself from becoming another victim.