When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Cybercriminals tricking UK schools into installing ransomware

via Bleeping Computer

The UK's Action Fraud cybercrime reporting centre is warning educational institutions over cybercriminals cold-calling them, posing as government officials, and tricking them into installing ransomware on their systems.

The scam reportedly starts with the crooks calling education establishments claiming to be from the "Department of Education," and then asking them to provide the personal email and/or phone number of the head teacher/financial administrator. They will claim that they need to send guidance forms to the head teacher, which vary from exam guidance to mental health assessments. They ask for personal contact details and not a generic school inbox as they assert that the files contain sensitive information.

The attachment in question includes a .zip file potentially disguised as a Word or Excel document. Once the malicious code has been activated, it will install the ransomware thatencrypts the victim's files. According to Action Fraud, the scam has demanded up to £8,000 ($9828) in ransom money to unlock the files.

It is noted by the fraud reporting centre that the scam can be easily distinguishable as fake because the real name of the educational department is 'Department for Education,' instead of the preposition 'of.' This is something the attackers can easily fix so probably won't be a long term detection mechanism.

Modern ransomware employ macros, asking users to click "Enable Content" | via Bleeping Computer

Cybercriminals have repeatedly been seen using fake documents as attack vectors for ransomware. Often cloaked as important documents, they contain macros where the ransomware is packaged. Although macros are disabled by default on apps like Microsoft Office, perpetrators convince victims to enable them by saying the real content will be revealed. This will activate the ransomware, wreaking havoc in the host PC.

With this story in consideration, it always pays to be careful of the emails we open, as many are out to deceive us. Creating an offline backup of your files can go a long way too, making sure that all files are safe, in case the worst scenario happens.

Source: Action Fraud via Bleeping Computer

Report a problem with article
Next Article

Man saved by his laptop in Fort Lauderdale shooting

Previous Article

CES 2017: Need some smart sex toys to track your orgasms? OhMiBod has you covered

Join the conversation!

Login or Sign Up to read and post a comment.

4 Comments - Add comment