Researchers from ActionFraud, the British National Fraud and Cyber Crime Reporting Centre, have issued a warning about a virus which targets public schools. The people behind the infection use a deceptive distribution campaign.
The virus was dubbed ‘Department of Education’ ransomware. The name derives from the entity the cyber criminals are citing in their email campaign. The hackers introduce themselves as government officials to gain people’s trust.
Schools whose computer systems contract the infection would be asked to pay up to £8,000 to have their data decrypted. ‘Department of Education’ ransomware can lock important documents, forcing officials to make the expenditure.
The ransomware attack chain comprises two stages. The first task on the agenda of the cyber criminals is to obtain the email address of the head teacher. They call the school’s personnel on the phone and ask for the contacts of the administrative staff. Their pretext is that they need to correspond with the school’s officials on a confidential matter.
The second phase is to send a message to the email address of the head teacher. The letter has a zip folder attached. The sender claims that the archive contains sensitive information. In actuality, the attachment carries the files of the ransomware.
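A mail-triage check for the second stage described above, as an added example that is not code from ActionFraud or from the original article. It flags a message whose display name cites the department while the sender domain is not on an allowlist, and lists script or executable members inside zip attachments; the extension list, the allowlist and the sample message are assumptions constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions for this example: the extension list and the domain allowlist are illustrative.
RISKY_EXT = (".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".lnk", ".bat", ".ps1")
CLAIMED_NAMES = ("department of education", "department for education")
TRUSTED_DOMAINS = {"education.gov.uk"}

def triage(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if any(n in name.lower() for n in CLAIMED_NAMES) and domain not in TRUSTED_DOMAINS:
        findings.append(f"display name '{name}' does not match sender domain '{domain}'")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        label = part.get_filename() or "unnamed attachment"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(RISKY_EXT):
                    findings.append(f"{label}: executable or script member '{member}'")
    return findings

def build_sample(sender: str, member: str) -> bytes:
    """Constructed test message: a zip holding one harmless text file named `member`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "constructed placeholder content")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "head@school.example"
    msg["Subject"] = "Exam guidance forms"
    msg.set_content("Please review the attached forms.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="guidance.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for line in triage(build_sample("Department of Education <forms@example.org>",
                                    "exam_guidance.pdf.js")):
        print(line)
```

The From header can be forged, so the domain comparison is only meaningful on mail that has already passed SPF, DKIM and DMARC checks at the gateway.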
ActionFraud has published an advisory statement to alert UK schools to the attacks. The message explains how the infection is distributed: “Fraudsters are initially cold calling education establishments claiming to be from the “Department of Education”. They then ask to be given the personal email and/or phone number of the head teacher/financial administrator.”
The person on the phone explains that he needs to contact the school’s head teacher in private: “The fraudsters claim that they need to send guidance forms to the head teacher (these so far have varied from exam guidance to mental health assessments). The scammers on the phone will claim that they need to send these documents directly to the head teacher and not to a generic school inbox, using the argument that they contain sensitive information.”
Companies and government institutions alike need to handle their incoming correspondence with the utmost caution. ActionFraud explained that ‘Department of Education’ ransomware is not an isolated case. There have been similar attacks on government branches in recent memory. The most recent attacks saw the hackers misrepresent the Department for Work and Pensions and national telecoms providers. In both instances, the cyber criminals aimed the attack at senior management.