Cybercrime in North Carolina is increasing at an alarming pace and recent findings show just how serious the situation has become. The state logged 12,282 cybercrime complaints, making up almost 2% of all reports in the entire country. North Carolina residents and organizations lost a combined $234 million, placing the state 13th nationwide for total financial damage.
State records also reveal a major spike in ransomware activity, with the number of attacks almost doubling in just one year. For businesses across the state, these statistics are a clear sign that it’s time to invest in proper cybersecurity measures.
In this article, we’ll break down six major ransomware attacks that hit North Carolina and explore the lessons companies can take from each case.
6 Big Ransomware Attacks in North Carolina
Data breaches aren’t always a pleasant read. However, looking at cases that happened right here in North Carolina and seeing their impact can help you understand why it’s important to implement stronger cybersecurity into your business today.
1. Greenville, NC ransomware attack (2019)
In 2019, the City of Greenville was hit by a ransomware strike that forced most of its digital systems to go dark. It all began when someone in the police department noticed suspicious activity. Once the IT team confirmed it, they acted fast, taking down the city’s main servers to stop the malware from spreading further.
The decision to disconnect was drastic but necessary. While key emergency services like police, fire, and utilities stayed online thanks to being on a separate network, most other city operations were paralyzed. No major data loss was reported, but the disruption underscored just how quickly ransomware can cripple an entire local government by targeting its servers.
2. Durham County Local Government Ransomware Incident (2020)
Just as the COVID-19 pandemic began ramping up in early March 2020, Durham faced a crisis of its own when a ransomware attack brought its digital backbone to a halt. Because the city and county shared key systems, the malware spread fast and slipped into both networks, including the critical 911 dispatch infrastructure.
At the worst possible moment, when emergency calls were rising due to the unfolding health crisis, responders were forced to fall back on paper logs, handwritten reports, and manual dispatching. Systems used daily by EMS, fire-rescue, police, and the sheriff’s department were suddenly unusable, highlighting that ransomware isn’t just a tech problem. It can directly impact people who are in critical need of help.
3. Colonial Pipeline Ransomware Attack (2021)
In May 2021, a cyberattack on Colonial Pipeline turned into a full-blown national emergency. A criminal group known as DarkSide slipped into the company’s IT systems, locking up vital data and demanding millions to give it back. Colonial, which operates the largest fuel pipeline in the country, was forced to shut everything down because the digital controls were compromised.
Bu the effects rippled far beyond the company. Gas stations from North Carolina to New York ran dry, lines formed, tempers flared, and panic buying set in. A $4.4 million ransom was eventually paid, but the real cost was the realization that one breach in a company’s digital defenses can hit millions of people.
4. North Carolina A&T State University Ransomware Attack (2022)
During what should have been a quiet spring break in March 2022, cybercriminals silently breached North Carolina A&T State University’s systems. With many staff away, the attackers struck at a vulnerable moment, disrupting the daily digital lifelines students and faculty rely on, including Wi-Fi, online classes, email, VPN access, and more.
The ransomware group ALPHV (also known as BlackCat) later claimed responsibility, boasting of stolen personal data like Social Security numbers, financial records, and internal databases.
Though the university later stated that no active staff or students were confirmed impacted, the incident revealed just how deeply ransomware can shake an academic institution.
5. Ransomware on NC’s Biggest Hospitals (2023)
In mid-2023, a hidden cyberattack quietly exposed sensitive data from patients across North Carolina’s largest hospital systems, including UNC Health, Duke, Atrium, and ECU. But the hospitals weren’t hacked directly. Instead, the breach came through a software provider they relied on, Nuance Communications.
Nuance used a file-transfer tool called MOVEit, which was compromised in a global ransomware campaign. Through this backdoor, attackers accessed files containing personal patient details, including names, contact info, and records of medical services received.
Though Nuance acted quickly to secure its systems and investigate, the attack serves as a reminder that ransomware doesn’t just shut down machines. It can shake people’s trust in the places they turn to for care.
6. Ransomware Attacks on NC’s Students and Teacher Data Systems (2025)
In 2025, a ransomware attack struck at the heart of North Carolina’s education system, breaching PowerSchool, the platform used to manage student and teacher records statewide. The systems didn’t just hold names and emails. For some districts, they included sensitive data like Social Security numbers, family contact details, and more.
Although officials say the stolen data was deleted by the attackers, it is never something we can fully trust. Therefore, state leaders and PowerSchool have scrambled to track any traces of the information online, especially on the dark web.
Identity protection services are now being offered to minors, and credit monitoring to adults whose data may have been compromised.
Essential Lessons from These Ransomware Attacks
From city governments to hospitals and schools, ransomware has left a real mark across North Carolina. These attacks disrupted lives, halted services, and exposed personal data, but they left behind some valuable lessons.
- No Industry Is Safe. Whether you’re running a school, clinic, local government, or small business, if you rely on digital systems, you’re a potential target.
- The Costs Go Far Beyond Dollars. Ransomware attacks don’t just hit your budget. They shut down operations, delay services, erode public trust, and create chaos for employees and customers. The cleanup can take weeks or months, and your reputation may take even longer to rebuild.
- Paying Doesn’t Guarantee Safety. Even if you pay the ransom demands, there’s no guarantee your data hasn’t already been copied or sold. Prevention is always cheaper, safer, and smarter than paying for a false sense of recovery.
- One Attack Can Affect Thousands. When a school’s database is hit, it’s not just the institution that suffers. Every student, parent, and teacher tied to that system is directly affected. The same goes for healthcare, utilities, or public safety. Ransomware doesn’t stop at its target; it ripples through entire communities.
- It Can Happen Quietly, Anytime. Many of the worst breaches in NC started silently, spreading unnoticed until it was too late. Just because everything seems fine doesn’t mean you’re secure. That’s why constant monitoring, updated systems, and staff awareness are key to staying ahead of threats.
Mitigate Ransomware Risks with CyberGlobal North Carolina
Ransomware is one of the most crippling types of cyberattacks, and every year it evolves, targeting more industries and costing millions in damages and losses. But with the right security tools and the right team by your side, you can mitigate these risks and protect your organization better.
At CyberGlobal North Carolina, we’ve made it our mission to help local businesses enhance their digital security, restore trust, and give people the confidence to operate in digital spaces safely.
Our cybersecurity services in North Carolina not only cover a wide range of security needs, but they also scale with your organization as you grow. And because we genuinely believe that cybersecurity should be accessible to every individual, we’ve made sure our offering can fit any budget.
But true value at CyberGlobal is not technology alone. It’s the people behind it.
Our highly skilled engineers work closely with your team, guiding you every step of the process as we test your environment for vulnerabilities. We provide detailed reports in plain English, helping you understand the threat landscape and how you can enhance your security before attackers compromise what you value most.
With us, you don’t just get a cybersecurity provider.
You win an ally in the constant fight against cybercrime.
