How ransomware works — and why cyber attacks are hitting schools

KGUN 9s Heidi Alagha will have much more on the cyber attack on TUSD tonight at 5 and 6 p.m.

TUCSON, Ariz. (KGUN) — Ransomware, as the name implies, is a digital way of holding your information hostage.

In a situation involving ransomware, the person or persons involved gain access to your computer whether through hacking or by the user himself allowing the bad actors into his system.

For example: By clicking a pop-up or visiting a shady website you can allow those bad actors a way to tunnel into your system — then spread their branches and get hold of nearly everything.

We live in a society where access to your information is only a click away and many companies will sell that information to target ads at you. That's an entirely different story, but the same concept. When a ransomware attack is initiated your files are encrypted by the bad actors. That means you have no access to any of them until you have some means of decryption.

Think of the generic 'bad movie' concept of a guy getting poisoned, and the villain having the only antidote. In the case of ransomware? To get that antidote, the hackers ask that you pay up. And if you don't, not only can your system be "bricked" (meaning it stops working) but that information might also be sold to other malicious entities or leaked somewhere.

While these attacks are dominating headlines across the nation in recent months and years, ransomware has existed since the 1980's. It was called the AIDS Trojan and was handed out on floppy disc by a biologist to members of the World Health Organization's AIDS conference.

That biologist, Joseph L. Popp, created the program—it counted the number of times the infected computer was booted. After 90 reboots, it would lock files on the C drive and ask that users send money to a PO box in Panama. The ransomware was easily decrypted, and Popp was arrested. CNN reporting says that Eddy Willems, one victim of the ransomware, told them nobody knows what Popp's motive was for handing out the discs.

RELATED TEAM COVERAGE:

• Cyber threat takes down Tucson Unified School District's internet network
• TUSD investigates cybersecurity threats as students and staff gain full access to resources

Ransomware infection isn't as simple as it sounds and can be extremely sophisticated. For instance, the virus must communicate with a server for various purposes.That means that the bad actormust have access to a server in a country like Russia or China that doesn't care about the activity and can ensure anonymity. Or attackers could use a proxy or VPN to mask their IP.

Ransomware attacks in recent news are centered on our schools. Just a day ago—on Tuesday, Jan.31—four schools in Nantucket, Mass. were closed following a hacking incident. In 2020 an attack on Baltimore schools cost the school system $10 million.

The Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm about how vulnerable schools are to cybersecurity threats:

Because schools have operated on large networks, especially during the pandemic, that has made schools even more susceptible to attacks by ever-evolving ransomware. CISA is advocating for more funding for schools to protect their digital infrastructure.

The FBI is cracking down on ransomware attacks. Just last week, they seized the computer infrastructure used by a ransomware gang who had extorted more than $100 million from various institutions across the world.

But the question becomes, why are we currently seeing such an increase in attacks?

According to David Shipley, quoted in an article by Canada's National Post(Canada is also experiencing big issues with ransomware), cyber criminals tend to receive payments in cryptocurrency. With crypto losing a lot of value last year (I wrotean article about NFT's a year ago and as we've all seen in just a year, NFT's are now pretty much a dead medium), criminals are trying to build back—meaning more frequent attacks.

By the way, crypto is the preferred method of payment because it's so hard to trace the transaction.