WILLIAM BRANGHAM: Inna Simone is retired, a mother and grandmother from Russia who now lives outside of Boston. Last November, her home computer started acting strangely.
INNA SIMONE: My computer was working terribly. It was not working, I mean, it was so slow.
WILLIAM BRANGHAM: A few days later, while searching through her computer files, Inna saw dozens of these messages — they were all the same. They read: “Your files are encrypted. To get the key to decrypt them, you have to pay $500 dollars.” Her exact deadline — December 2nd at 12:48 pm – was just a few days away.
All her files were locked — tax returns, financial papers, letters — even the precious photos of her granddaughter zoe. Inna couldn’t open any of them.
INNA SIMONE: It says, “If you won’t pay, within one week or whatever, your fine will double. If you won’t pay by then, all your files will be deleted and you will lose them forever and never will get back.
WILLIAM BRANGHAM: Inna Simone — like hundreds of thousands of others — had been victimized by what’s known as a “ransomware” attack. Hackers — who law enforcement believe come mainly from eastern Europe or Russia — manage to put malicious software onto a victim’s computer, often via an email attachment or a compromised website. That software then allows the hackers to lock up your files — or your entire computer — until you pay them a ransom to give it back. Ransom demands have ranged from a few hundred dollars to several hundred thousand.
Justin Cappos is a computer security expert at New York University.
JUSTIN CAPPOS: It will actually lock you out of the files, the data, on your computer. So you’d be able to use the computer but those files have been encrypted by the attacker with a key that only they possess. It’s frustrating because you know the data is there. You know the files are there. You know your photos and everything is there and could be accessible to you. But you have no way of being able to get at it because of this encryption that the attackers are using.
WILLIAM BRANGHAM: Inna was panicked. Computer technicians were no help. She didn’t want to call the police… her husband at first said don’t pay the ransom, but she wanted those files back.
In their ‘ransom note’, the hackers wanted to be paid in bitcoin — the largely untraceable digital currency — and have it put into their anonymous account. Inna had never heard of bitcoin, but the hackers, in one of their many touches of what you might call ‘customer service,’ provided all sorts of helpful facts and links and how-to guides about bitcoin.
Alina Simone is Inna’s daughter.
ALINA SIMONE: If you see the ransom note you can see, oh, they try to reassure you about bitcoin. We have got screen shots or here is a link to some kind of a guide that talks you through the whole process, and here’s a list of providers with a little kind of yelp-like reviews next to each one that kind of explain their strength and weaknesses. It’s incredibly sophisticated.
WILLIAM BRANGHAM: After days of debate, Inna decided to pay. She sent a money order to a bitcoin seller, but it was Thanksgiving, and a huge snowstorm hit Boston, which meant the check only arrived the afternoon before her deadline. And, in that delay, bitcoin’s exchange rate had changed, and now her check didn’t cover the full $500 ransom – it was about $13 short. Her last resort was this bitcoin ATM machine in Brooklyn, NY — conveniently not far from her daughter Alina’s apartment.
ALINA SIMONE: It’s very kind of spooky looking ATM. It has no buttons. It just had a slot that you feed your money into.
WILLIAM BRANGHAM: Tuesday afternoon, the full ransom was sent to the hackers account. But it was two hours late. Inna added one short message with her payment.
INNA SIMONE: I wrote: “I wish you all will drop dead.”
WILLIAM BRANGHAM: The F.B.I. doesn’t have complete data on how often these attacks occur. Computer security researchers estimate close to a million users have been hit globally during the last year. One tech firm estimates that more than a quarter of victims pay the ransom, which cyber security experts discourage because they don’t want to encourage more hacking.
And it’s not just individuals who get hit: hackers have hit several local police stations. We heard of law firms being targeted. Even the city of Detroit had its data held for an 800,000 dollar ransom by hackers. The city didn’t pay.
SUPERINTENDENT TERRY VAN ZOEREN: When you think of a technology hack, you think of data or files that are being destroyed, or taken, ransomware, I learned, doesn’t work the way.
WILLIAM BRANGHAM: Last month, Terry Van Zoeren had to learn all about ransomware when his southern New Jersey school district got hit. Hackers compromised the entire district’s computer system — causing problems with hard drives throughout the system: administrators’, those in the classrooms, the computers that processed kids’ lunch payments, even the standardized tests that were going on when the hack occurred.
SUPERINTENDENT TERRY VAN ZOEREN: We had to shut down student testing for a number of days until we got control of the PCs. And there were 100s of PCs in the district.
WILLIAM BRANGHAM: Van Zoeren said the hackers demanded 500 bitcoin, which at the time was about $128,000 dollars in ransom. School officials didn’t pay (there’s obviously no guarantee paying up gets your data back.) Instead, they called the local police. School officials says no student or parent data was stolen, and after a costly, elaborate rebuilding of their network, they were able to get back up and running.
NYU computer scientist Justin Cappos says hackers go after such seemingly small targets because they’re pretty easy: victims often inadvertently download the viruses themselves by clicking on those email attachments. Besides, he says, the risks of getting caught are low, and if you cast a wide enough net, you’ll get something.
JUSTIN CAPPOS: When you go fishing, you don’t try to catch every fish in the ocean. You only wanna catch some. And if you catch enough of them, then it’s been a profitable trip for you.
WILLIAM BRANGHAM: When her mom got hacked, Alina Simone — who’s a journalist by day — did some research into ransomware for a piece she wrote for the New York Times. She says it’s alarming how organized and easy it is to carry out these kinds of attacks.
ALINA SIMONE: There are people making viruses, selling viruses. There are distributors whose specialty is distributing viruses. These perpetrators, they don’t have to know a line of code. They can just buy a virus and then hire a distributor and send it out. And it’s kind of just an off the shelf, you know—
WILLIAM BRANGHAM: Wow. Plug and play corruption.
ALINA SIMONE: Right. And so that’s sort of the scariest thing that, just one person can just unleash all of this chaos and malice on the world with very little effort.
WILLIAM BRANGHAM: Her mom’s story, however, wasn’t over. Inna had paid the hackers $500 — but rather than releasing her files as promised — they sent her this message. It said “You did not pay in time for decryption.” Remember, she’d paid two hours late — now the hackers doubled the ransom to $1000, gave her another deadline, and said if she missed this one, they’d delete everything.
INNA SIMONE: If you won’t pay by then, all your files are gone forever.
WILLIAM BRANGHAM: Using a message board the hackers provided (another customer-friendly touch) Inna pleaded with the people she’d previously told to ‘drop dead:’ “We had a snowstorm” … “It was a holiday” and lastly: “I am only two hours late!”
INNA SIMONE: So first I sent them about all these obstacles and the fact that I was only two hours late and this is really harsh.
WILLIAM BRANGHAM: Did this feel strange that you’re trying to communicate to a group of criminals — who knows where they are in the world — saying “You don’t understand… the post office, the snow, Thanksgiving, the long weekend…” I mean you must’ve felt–
INNA SIMONE: But what else? I mean, this is the only option. It’s either this or nothing.
WILLIAM BRANGHAM: You didn’t think it would work.
INNA SIMONE: Absolutely not.
WILLIAM BRANGHAM: But later that day, the hackers released her files in full.