As Atlanta Seeks To Restore Services, Ransomware Attacks Are On The Rise : The Two-Way The FBI says the practice of locking computer systems in exchange for money has become increasingly common, and that cities, schools and hospitals are especially vulnerable to hackers.
NPR logo

As Atlanta Seeks To Restore Services, Ransomware Attacks Are On The Rise

  • Download
  • <iframe src="https://www.npr.org/player/embed/597987182/598192179" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
As Atlanta Seeks To Restore Services, Ransomware Attacks Are On The Rise

As Atlanta Seeks To Restore Services, Ransomware Attacks Are On The Rise

  • Download
  • <iframe src="https://www.npr.org/player/embed/597987182/598192179" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

DAVID GREENE, HOST:

The city of Atlanta is under siege. Many of its online systems were crippled by hackers who were trying to extort tens of thousands of dollars from the city. Cybersecurity experts are warning that the threat to public services may not be over. Here's NPR's Vanessa Romo.

VANESSA ROMO, BYLINE: It's been nine days since Atlanta was attacked, and officials there aren't divulging exactly how they're dealing with the ransomware threat. What we do know are two things. One, the deadline to pay the $51,000 ransom was Wednesday. And, two, this is becoming an increasingly common problem for schools, hospitals, public utilities and law enforcement, which are all prone to having weak online security. Much to his dismay, Steve Giles knows a lot about this.

STEVE GILES: It was awful. Yeah. Everything was blocked, whether it was patient information, whether it was accounts payable information, everything was blocked.

ROMO: Giles is the chief information officer at Hollywood Presbyterian Medical Center in Los Angeles. And one day in February 2016, he found himself having to decide whether to make a deal with hackers who had encrypted nearly all of the hospital's records.

GILES: They hit us twice. They first asked for 22 bitcoin. And at the time, it was, like, $9,000. And then then we paid it, they came back again, said they had sent us the wrong software so we had to pay another 18 bitcoin.

ROMO: That brought the total up to $17,000. And it still wasn't over.

GILES: By paying that, we got an excess of 900 decryption codes that had to be uniquely applied to all servers and PCs.

ROMO: But despite getting duped, Giles maintains it was the right call.

Can I ask why did you pay the second ransom? How did you know that they wouldn't come back with a third?

GILES: Well, I guessed it was a worthwhile bet.

ROMO: It's hard to argue with his logic, especially when you look at Erie County Medical Center in Buffalo, N.Y. Last year, hackers demanded $30,000. Authorities decided not to pay. Their systems went down for six weeks, and it cost them $10 million to recover. Stephen Boyer of BitSight, a cybersecurity rating company, says despite their criminal behavior, hackers have an incentive to hold up their end of the bargain.

STEPHEN BOYER: Because if word gets out that they never decrypt a file, no one will ever pay and they'll never make money.

ROMO: They even set up customer support lines for their victims.

BOYER: If you want to pay and you have a problem, they'll help you make sure that you get transferred into bitcoin and that everything works properly.

ROMO: But meeting the hackers' demands is the opposite of the FBI's advice. The agency says ransomware extortion costs victims more than $2.4 million a year, and paying a ransom just makes matters worse and can inadvertently fund other illicit activities. That's what Matt Jensen believes, and why, as superintendent of Bigfork School in Montana, he and his colleagues refused to, quote, "give in to terrorists" after their computers were paralyzed in a 2016 strike.

MATT JENSEN: We just weren't going to entertain contacting the ransomware folks.

ROMO: It took more than a week to restore the data that had been wiped and cost about double what the hackers were asking. Still, he insists it was a blessing in disguise.

JENSEN: We remedied everything that we could afford to do.

ROMO: And because of that, their system was not compromised when they were attacked for a second time last fall. Vanessa Romo, NPR News.

Copyright © 2018 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.