The people at Hollywood Presbyterian Medical Center were busy keeping sick people alive on Feb. 5 when they were suddenly presented with an unfamiliar challenge. The computer system had been hacked, and the criminals demanded a ransom paid in bitcoin before they'd restore it. Hollywood Presbyterian had become just the latest victim of what’s called a "ransomware" attack. They were forced to record information on paper, and some patients were transferred to other hospitals. While there’s been no official word on the ransom amount, reports are saying it was 9000 bitcoin, or $3.6 million.
You're on the hackers’ radar too. If it happens, a virus will enter your computer and deny you access to data or shut down key apps. You'll lose photos or vital documents if you don't pay the ransom on time, or they may give you another week and double the amount. Also, you're probably going to have to figure out how to buy bitcoin if you decide to pay up.
Most ransomware attacks originate in Russia, where there are plenty of well-educated young people with impressive computer skills and poor prospects of finding a legitimate job. These are not lone neckbeards hunched over a computer in their bedrooms. Most work for criminal organizations, whose leaders are the types who drink Cristal in the VIP section of a trendy club late at night. These guys are "stars" in underground circles, and photos of them in their latest sports cars appear in hacker magazines.
Some of the ransomware hackers can get pretty imaginative. One scam involved placing what looks like an official notification from the FBI on a target's computer or phone stating that they’ve violated child porn laws, and that their device will be locked until a fine is paid. There are people gullible enough to believe the U.S. government would enforce child porn laws—with no arrest or trial—by simply imposing fines no greater than $500. As these victims were targeted because they visited porn websites, guilt was probably an issue, and perhaps also fear that some of the performers they watched may have been underage.
Americans are obsessed with security and convinced that guns can keep them safe, but no firearm will protect them from a 23-year-old Russian kid dreaming that he might be that guy buying champagne for eager models in the VIP section one day. And many of them are in Russia (some Ukrainians too), and it's gotten to the point where when people hear about ransomware and other such hacker attacks, they just assume it came from Russia. The nation only accounts for about one percent of the global IT economy, so why is it responsible for 35 percent of global cybercrime revenue? The short answer is that Russia has a glut of young people with superior computer and math skills—many of them government-trained—and a shortage of jobs where these skills can be legally used. The hackers know the real money is outside of Russia, and Putin's media machine is constantly reminding Russians they’re the victims of the West, so extorting the citizens and businesses of the oppressor nations becomes easier to justify. Throw in the element of organized crime, which is always looking to expand into new markets, and you've got a haven for hackers.
Hackers have woven themselves into Russian culture now. Their magazines are sold openly in kiosks. They're like bad boy rappers who are admired because they got rich from not giving a damn about the rules. While hacking is technically a crime, Russian law enforcement is lax. It's generally viewed as not really morally wrong. The upshot of this attitude is there’s no societal force applying the brakes to hacking. The Russian economy’s in limbo, so everyone is probably best advised to protect themselves from a ransomware attack. I'm no computer expert, but I do know that regularly backing your computer to a device that is offline works well.
—Follow Chris Beck on Twitter: @SubBeck