Attackers are cold-calling schools while posing as government officials in an effort to infect UK schools’ computer systems with ransomware.
Action Fraud, the United Kingdom’s national fraud and digital crime reporting center, published an alert about the attack campaign on 4 January.
In it, investigators warn that schools have been receiving calls from fraudsters who claim they are from the “Department of Education” (not the Department for Education) and that they need to deliver important documents to the institution’s head teacher or financial administrator. The attackers say those documents consist of sensitive materials like exam guidance or mental health assessments. But it’s all a ruse designed to trick targets into opening a suspicious email attachment.
As Action Fraud notes in its bulletin:
“The emails will include an attachment – a .zip file (potentially masked as an Excel or Word document). This attachment will contain ransomware, that once downloaded will encrypt files and demand money (up to £8,000) to recover the files.”
This isn’t the first time fraudsters have attempted to infect UK schools’ computer networks with ransomware. Action Fraud says it’s also received reports of cold-calls from individuals claiming to be from the Department for Work and Pensions as well as from telecom providers.
With that in mind, schools need to take adequate measures to protect their systems against ransomware.
Andrew Stuart, managing director of backup and disaster recovery vendor Datto, feels that effort begins with ensuring that an institution has a data restoration strategy in place. As quoted by The Register:
“Unscrupulous hackers see ransomware as a business, and have already been known to exploit hospitals and even charities, so schools were always possible targets. It is vital that schools review their data backup procedures to ensure that they not only have copies of all critical data, but can restore their data smoothly in the event of a ransomware incident.”
Next, schools should make sure their employees know not to click on suspicious links or email attachments and to update their software when they are prompted to do so. Educational institutions can drive home this message with the help of third-party security awareness software.
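As an added illustration (not code from Action Fraud, Datto or The Register), a mail filter can test for the disguise described in the alert: a genuine .docx or .xlsx is itself a ZIP package containing [Content_Types].xml, so a ZIP that carries an Office name without that entry, or that holds a script or executable, stands out. The extension lists, function names and sample files below are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for this example; tune them to local policy.
OOXML_EXT = {".docx", ".docm", ".xlsx", ".xlsm"}   # real ones are ZIP packages
LEGACY_EXT = {".doc", ".xls"}                       # real ones are never ZIPs
RISKY_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
             ".lnk", ".bat", ".cmd", ".ps1", ".jar"}

def inspect_attachment(filename, data):
    """Return reasons to quarantine an attachment; an empty list means none found."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []                       # not a ZIP container: out of scope here
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["unreadable-zip"]
    reasons = []
    ext = PurePosixPath(filename.lower()).suffix
    if ext in LEGACY_EXT or (ext in OOXML_EXT and "[Content_Types].xml" not in names):
        reasons.append(f"fake-office: ZIP content does not match a {ext} document")
    for name in names:
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if suffixes and suffixes[-1] in RISKY_EXT:
            # e.g. "report.docx.exe": a document extension placed before the real one
            double = len(suffixes) > 1 and suffixes[-2] in OOXML_EXT | LEGACY_EXT
            kind = "double-extension" if double else "risky-member"
            reasons.append(f"{kind}: {name}")
    return reasons

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: a disguised archive and a minimal genuine-looking package.
MASKED = make_zip({"exam_guidance.docx.exe": b"constructed placeholder bytes"})
GENUINE = make_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"})

if __name__ == "__main__":
    for fname, blob in [("Exam guidance.xlsx", MASKED), ("timetable.docx", GENUINE)]:
        print(fname, "->", inspect_attachment(fname, blob) or "no findings")
```

An empty result only means neither sign was present; macro-enabled documents and non-ZIP formats need separate checks.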