(NEW YORK) — With much of our lives moving online amid the pandemic, both our personal data and our institutions have become more susceptible to cyber-attacks. Recently, computer systems at Universal Health Services, one of the nation’s largest hospital chains, were taken offline due to a software attack. Surgeries were canceled and ambulances diverted, but the company says no patients were harmed.
Institutions across America, including education systems, face a similar risk, prompting students, teachers, and parents to proceed with caution when clicking links or receiving strange emails.
ABC’s Jim Ryan reported on ransomware for the latest episode of ABC’s Perspective podcast, and how it is threatening American school systems. Ryan spoke with technology expert Neil Underwood of Louisiana, who used the following analogy to describe ransomware:
“If you leave a meeting… walk up to your car and you find it completely encased in ice, you can’t use it. Your car is still there and there’s a lock on it with a code that you would punch in that would give you your car back and allow you to use it. Problem is, you don’t have that code to put in, and there’s a note sitting there that says, ‘Hey, contact me and pay me a half million dollars and I’ll give you the code.’”
In the case of ransomware, the car is a computer server, the digital kidnapper is a hacker who could be anywhere, and their chances of being caught are about zero.
Randy Haba, with the consulting firm DKB Innovative, told Ryan, “Rarely is the individual ever caught. If it’s on a small scale, the ransom is usually paid or if their I.T. company is good enough, they’re able to perform a rollback and restore of any files that were encrypted as a part of the ransomware.”
Haba says these types of attacks have increased this year, and attackers have also figured out a reliable way to get paid:
“Most of the attackers will request money in forms of cryptocurrency, which is currently untraceable by the FBI or any type of government.”
Before the start of school, a cyber-attack happened in the small town of Athens, southeast of Dallas, Texas. Toni Clay works for the Athens Independent School District and spoke with “Perspective.” She says ransomware took hold of computer servers that contain years of records on students and employees, so the district began negotiating with the hackers over a $50,000 ransom:
“We had to operate at two levels. One level was we needed to move as quickly as possible so that if we were not able to recapture any information, we can get ourselves up and running again and get schools started… and on the other level, and the one we were quieter about for obvious reasons, was to try to pull out the data and to beat these guys and tell them, ‘So long.’”
While negotiators stalled the hackers, I.T. specialists found a server that contained the same data but was not connected to the others. The Athens school district had outsmarted the extortionists: it was cleaned and the district determined it would not have to pay the ransom.
According to I.T. specialist Randy Haba, the best protection against ransomware attacks is to educate every student and employee of a school district not to open suspicious emails and not to click any links attached to those emails. Upgrading malware protection and hiring an I.T. security firm can help.
The case of Athens, Texas might be only a hint of the threat school systems are facing this year, and Haba says the threat could grow:
“Pretty soon, it’s going to be an ‘everyone problem’ People are more frequently becoming targets for ransomware, and most of the people pay a ransom and you never even know it because they have no idea what to do when that happens to them, so they just pay the ransom.”
Listen to the rest of this past week’s highlights from Perspective here
Copyright © 2020, ABC Audio. All rights reserved.