LEILA FADEL, HOST:
Have you had trouble buying a car lately or picking up a prescription at the pharmacy?
STEVE INSKEEP, HOST:
If so, you may have cybercriminals to thank because ransomware is becoming a global crisis.
FADEL: NPR cybersecurity correspondent Jenna McLaughlin joins us now to talk about recent trends. Good morning, Jenna.
JENNA MCLAUGHLIN, BYLINE: Hey, Leila.
FADEL: So can you quickly remind us what ransomware is and why it's such a problem?
MCLAUGHLIN: Absolutely. So ransomware is a type of malicious code that's designed to lock up its victims' files. And that poses a couple of different problems here. First, we've got privacy. They're not just locking down the files. They're usually stealing them, threatening to leak them everywhere. There's also a disruption to a business, and it's really costly to recover from these kinds of attacks, sometimes so expensive that businesses close.
You mentioned buying a car also. So that's a good recent example. There's a software company called CDK Global, and 15,000-plus dealerships across the U.S. and Canada rely on them. Two weeks ago, they got hit by two ransomware attacks. They've been down ever since. They're hoping to get up by the Fourth of July holiday. We'll see if that happens.
FADEL: OK, 15,000 dealerships, that's a lot. But having trouble buying a car, it doesn't really sound that dire. Is this a big deal?
MCLAUGHLIN: Yeah. It's one thing when it's an inconvenience - you can't buy a car; maybe the school is shut down; the kids can't go in. But it becomes dangerous when cybercriminals start going after critical services. That's your power, water, health care. Health care was actually the most targeted in 2023, and it's really only getting worse. Recently, a private network of hospitals, Ascension - it's 140 different hospitals - in May, they got hit by a cyberattack. And a nurse told me that, in some ways, dealing with it was worse than dealing with COVID.
FADEL: You say it's only getting worse. I mean, is that what the numbers are showing? Is this problem getting worse?
MCLAUGHLIN: Yeah. I wouldn't blame people for feeling that way based on some of the examples that we're talking about.
FADEL: Yeah.
MCLAUGHLIN: I spoke with Kendall McKay. She studies cybercrime at Cisco. She did agree that the scale is bad. Cybercriminals are going after third parties. They know that they'll get more victims that way. But the actual techniques - maybe not. Here, take a listen.
KENDALL MCKAY: We're not seeing these actors exploit zero-day vulnerabilities - quite the contrary. We're seeing pretty unsophisticated techniques.
MCLAUGHLIN: And Leila, for the non-cyber nerds out there, a zero day is a flaw in the code that's been there from the beginning, from day zero, that's never been previously exploited. So these hackers are not doing things like that. It's phishing, basic stuff.
FADEL: OK. So not so advanced. Is that good news? Can they be stopped?
MCLAUGHLIN: Yeah. You know, it's kind of a boring answer, unfortunately, but people need to be using two-factor authentication, password managers, not clicking on sketchy links. That's not to say that this problem won't get harder because cybercriminals advance. They really want to get paid. And this malicious code is leaked all over the internet, and amateurs are using it. Some of this is for governments to figure out. They need to identify what's critical and how to protect it, maybe even introduce dreaded regulation.
FADEL: OK. So what about the average person, though? Where does that leave them?
MCLAUGHLIN: They need to care about this. It's getting hard for them to ignore. When thinking about making choices about health care, where you're spending your money, you need to think about if these companies are doing enough to protect you, if you can rely on them. Plus, these simple hacking techniques can be used against anyone.
FADEL: NPR's Jenna McLaughlin. Thank you, Jenna.
MCLAUGHLIN: Thank you. Transcript provided by NPR, Copyright NPR.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.
