Ransomware attack takes down LA hospital for hours

February 29, 2016 at 8:18 PM EDT
One of the greatest threats to private cybersecurity today is ransomware -- a cyberattack that blocks access to a computer until the hacker is paid a ransom. The problem recently took on new urgency when a hospital in Los Angeles had its entire network shut down for hours, putting hundreds at risk; another high-profile breach hit L.A.’s health department last week. William Brangham reports.

GWEN IFILL: But, first, a look at what’s become the latest threat to our cyber-security.

The problem took on new urgency recently when a hospital in Los Angeles had its entire computer network, including all its digital medical records, locked up by hackers. They demanded a ransom before they’d release the computers. It was the second such attack this month. L.A.’s Health Department was hit last week.

These types of computer attacks, which usually target individual computer users, are on the rise.

The “NewsHour”‘s William Brangham reported on this threat last year, and now he brings us an update.

WILLIAM BRANGHAM: Inna Simone is retired. She’s a mother and grandmother from Russia who now lives outside of Boston. In the fall of 2014, her home computer started acting strangely.

INNA SIMONE, Retiree: My computer was working terribly. It was not working. I mean, it was so slow.

WILLIAM BRANGHAM: A few days later, while searching through her computer files, Inna saw dozens of these messages — they were all the same. They read: “Your files are encrypted. To get the key to decrypt them, you have to pay $500.”

Her exact deadline, December 2 at 12:48 p.m., was just a few days away.

All her files were locked , tax returns, financial papers, letters, even the precious photos of her granddaughter Zoe. Inna couldn’t open any of them.

INNA SIMONE: It says, “If you won’t pay, your fine will double. If you won’t pay by then, all your files will be deleted and you will lose them forever and never will get back.”

WILLIAM BRANGHAM: Inna Simone, like thousands of others, had been victimized by what’s known as a ransomware attack. Hackers — who law enforcement believe come mainly from Eastern Europe or Russia — manage to implant malicious software onto your computer, usually when you mistakenly open an infected e-mail attachment, or visit a compromised Web site.

That software then allows the hackers to lock up your files, or your entire computer, until you pay them a ransom to give it back.

Justin Cappos is a computer security expert at New York University.

JUSTIN CAPPOS, New York University: It will actually lock you out of the files, the data on your computer.

So, you’d be able to use the computer but those files have been encrypted by the attacker with a key that only they possess. It’s frustrating because you know the data is there. You know the files are there. You know your photos and everything is there and could be accessible to you. But you have no way of being able to get at it because of this encryption that the attackers are using.

WILLIAM BRANGHAM: This is exactly what happened at Hollywood Presbyterian Hospital in Los Angeles. According to officials, about a month ago, their computerized medical records were locked up by one of these malicious programs, and a hacker demanded $17,000 in ransom to unlock them.

During this time, medical staff were forced to use paper and pen for their record-keeping, but they say no patient files were compromised. The hospital decided to pay the ransom. Their computers were unlocked, and the FBI is now investigating.

Inna Simone was facing the same dilemma, whether or not to pay the ransom or not. Computer technicians were no help. She didn’t want to call the police. Her husband at first said don’t pay the ransom, but she wanted those files back.

In their ransom note, the hackers wanted to be paid in Bitcoin, the largely untraceable digital currency, and have it put into their anonymous account. Inna had never heard of Bitcoin, but the hackers, in one of their many touches of what you might call customer service, provided all sorts of helpful facts and links and how-to guides about Bitcoin.

Alina Simone is Inna’s daughter.

ALINA SIMONE, Journalist: If you see the ransom note, you can see, oh, they try to reassure you about Bitcoin. We have got screen shots or here is a link to some kind of a guide that talks you through the whole process, and here’s a list of providers with a little kind of Yelp-like reviews next to each one that kind of explains their strength and weaknesses.

It’s incredibly sophisticated.

WILLIAM BRANGHAM: After days of debate, Inna decided to pay. She sent a money order to a Bitcoin seller, but it was Thanksgiving, and a huge snowstorm hit Boston, which meant the check only arrived the afternoon before her deadline.

In that delay, Bitcoin’s exchange rate had changed, and now her money order didn’t cover the full $500 ransom. It was about $13 short. Her last resort using a Bitcoin ATM machine. There are hundreds of them in the U.S., and one was in Brooklyn, New York, not far from her daughter Alina’s apartment.

ALINA SIMONE: It’s very kind of spooky looking ATM. It has no buttons. It just has a slot that you feed your money into.

WILLIAM BRANGHAM: Tuesday afternoon, the full ransom was sent to the hackers’ account. But it was two hours late. Inna added one short message to the criminals with her payment.

INNA SIMONE: I wrote: “I wish you all will drop dead.”

WILLIAM BRANGHAM: The FBI doesn’t have complete data on how many of these ransomware attacks occur every year, but they’re clearly on the rise.

The anti-virus software firm Symantec reports that hundreds of thousands of these attacks are launched every month. There’s also a real difference of opinion on whether victims should pay. Security researchers say paying ransom only encourages criminals, but the FBI says some of this ransomware is so tough to crack that paying a few hundred dollars is sometimes the only way to get your files back.

MAN: Our information was held hostage.

WILLIAM BRANGHAM: And it’s not just individuals and hospitals who get hit. Hackers have hit several local police stations. We have heard of law firms and newsrooms being targeted. Even the city of Detroit last year had its data held for an $800,000 ransom by hackers. The city didn’t pay.

NYU computer scientist Justin Cappos says, generally speaking, hackers go after smaller, individual targets because they’re pretty easy. Victims often inadvertently download the viruses themselves by clicking on those e-mail attachments.

Besides, he says, the risks of getting caught are low, and if you cast a wide enough net, you will get something.

JUSTIN CAPPOS: When you go fishing, you don’t try to catch every fish in the ocean. You only want to catch some. And if you catch enough of them, then it’s been a profitable trip for you.

WILLIAM BRANGHAM: When her mom got hacked, Alina Simone, who’s a journalist by day, did some research into ransomware for a piece she wrote for The New York Times. She says it’s alarming how organized and easy it is to carry out these kinds of attacks.

ALINA SIMONE: There are people making viruses, selling viruses. There are distributors whose specialty is distributing viruses. These perpetrators, they don’t have to know a line of code. They can just buy a virus and then hire a distributor and send it out.

WILLIAM BRANGHAM: Her mom’s story, however, wasn’t over. Inna had paid the hackers her $500, but rather than releasing her files, as promised, they sent her this message. It said: “You didn’t pay in time for decryption.”

Remember, she’d paid two hours late. Now the hackers doubled the ransom to $1,000, gave her another deadline, and said if she missed this one, they would delete everything.

INNA SIMONE: If you won’t pay by then, your files — all your files are gone forever.

WILLIAM BRANGHAM: Using a message board the hackers provided — another one of those customer-friendly touches — Inna pleaded with the people she’d previously told to drop dead: “We had a snowstorm. It was a holiday. I am only two hours’ late.”

Did this feel strange that you’re trying to communicate to a group of criminals — who knows where they are in the world — saying, you don’t understand, the post office, the snow, Thanksgiving, the long weekend. I mean, you must’ve felt…

INNA SIMONE: But what else? This is the only option. It’s either this or nothing.

WILLIAM BRANGHAM: You didn’t think it would work.

INNA SIMONE: Absolutely not.

WILLIAM BRANGHAM: But, later that day, the hackers released her files in full.

For the “PBS NewsHour,” I’m William Brangham.