ON "60 MINUTES": ANYONE ON THE INTERNET SHOULD EXPECT TO BE ATTACKED BY CYBER CRIMINALS, SAYS AN FBI AGENT
COULD YOUR PHONE OR PC BE NEXT?
Steve Long never thought it would happen to his hospital. The CEO had only read about organizations' data held for ransom by cyber criminals. Now his hospital's data was held hostage too - frozen so no one could access it. Soon, this could happen to anyone connected to the internet, says the head of the FBI's cybercrime unit, especially in a world where he says 50 billion devices will be connected to the internet by next year. Scott Pelley explores an increasingly common form of crime known as ransomware that is lucrative and nearly impossible to root out on the next edition of 60 MINUTES, Sunday, May 5 (7:00-8:00 PM, ET/PT) on the CBS Television Network.
Long is the CEO of Hancock Regional Hospital, a 100-bed facility outside Indianapolis. He was awakened one night in January 2018 to learn it was Hancock's turn. "It's something I read in the journals... and I say 'I'm glad that's not going to happen to us'... [but] they had encrypted every file we had on our computers and on the network."
Long says he was given a week to pay a $55,000 ransom for the decryption keys to rescue his hospital's data from the computer virus that held it. "Our only choice was to wipe the system and hope that we had backups or purchase the decryption keys." But his backups were infected - and with the care of his patients as his top priority, Long felt he had no choice but to pay.
Governments and hospitals are vulnerable targets, says Mike Christman, who until a recent promotion ran the FBI's cybercrime unit. But not just companies and governments, he says. "I think everyone should expect to be attacked," Christman tells Pelley. Nobody, including the FBI, knows how many businesses are attacked by ransomware or how many pay up, since most don't report the attacks.
It is surprisingly easy to get the tools needed to commit these crimes, says Tom Pace, vice president of Blackberry-Cylance, a leading security firm. Ransomware, the malware used by the cybercriminals, can be rented online from websites on the dark web that not only maintain the malware's architecture but also provide a chat room to answer criminals' questions. It also gets a commission if the victim pays. Pace demonstrates for Pelley how he can go to the site and encrypt a file of his own in just over five minutes. "Off the shelf. Ready to go," he says.
Central to the success of the malware ransom is the fact that perpetrators don't ask for too much money. "Everybody doesn't have millions to pay, right? So finding the sweet spot and sticking to it has worked well," Pace tells Pelley. The $55,000 Hancock paid seems to be a common figure. A small town in Alabama and the city of Atlanta were asked to pay similar amounts when their data was held. The small town, Leeds, was able to bargain it down to $8,000; Atlanta refused to pay and spent $20 million recovering from the attack and upgrading its systems, but not without losing some significant data.
"Cybercrime has really become a way of life and connected to everything we do... by 2020, we expect to see 50 billion devices worldwide connected to the internet," says Christman. Asked by Pelley how long before ransomware comes to our phones, he replies, "I think it's already on the doorstep for that."
Follow 60 MINUTES on Twitter, Facebook and Instagram.
|