This ransomware scheme is targeting schools, colleges and head teachers, warn police

Police warn about scam that begins with cybercriminals phoning schools for details of head teachers.
Written by Danny Palmer, Senior Writer

Not even schools are safe from cybercriminals and ransomware.


Cybercriminals are pretending to be government officials as part of a ransomware scheme that is targeting schools and demanding payments of up to £8,000 to decrypt the locked files.

Action Fraud, the UK's fraud and cybercrime centre, and the City of London police have issued a warning over the activity, which begins with criminals contacting the targeted schools with a phone call.

Claiming to be from 'The Department of Education', the caller asks for the email address of the head teacher, which they claim they need in order to send sensitive information that is unsuitable for the school's general email address.

The scammers usually claim the documents contain guidance for the head teacher, ranging from exam guidance to advice on mental health assessments.

Once those carrying out the scheme have the contact details they need, they'll send an email containing a ransomware-infected .zip file - often disguised as an Excel or Word document - to the intended victim. If the file is opened, it will execute the ransomware, encrypting files and then demanding a ransom be paid in order to retrieve the files.

Ransom demands have been made for up to £8,000, although the police haven't confirmed if these ransoms have been paid, what ransomware variant is used, or which schools have been targeted.

The authorities have warned schools and colleges to be vigilant about what police have dubbed the "Department of Education" ransomware scam. One key giveaway is that there's no such thing as the Department of Education, with the official name of the authentic government department being the Department for Education.
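As a defensive illustration of the two signals described above (the wrong department name and a .zip attachment posing as a document), here is an added mail-triage check that is not from the article or from Action Fraud. It assumes the archive holds a script or executable whose name imitates a document, which the article does not specify; the extension lists, function names and the sample message are constructed for the example.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed (not from the article): extensions that run code when opened on Windows.
RISKY_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".lnk", ".bat", ".cmd"}
DOC_EXT = {".doc", ".docx", ".xls", ".xlsx", ".pdf"}
# The genuine department is the Department *for* Education.
WRONG_NAME = re.compile(r"department\s+of\s+education", re.I)

def suffixes(name):
    """Return the lower-cased dotted suffixes of a file name, e.g. ['.xlsx', '.js']."""
    return ["." + p.lower() for p in name.split("/")[-1].split(".")[1:]]

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = " ".join([str(msg["From"] or ""), str(msg["Subject"] or ""),
                     body.get_content() if body else ""])
    if WRONG_NAME.search(text):
        findings.append("sender-claims-department-of-education")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):  # check content, not the file name
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():  # names only; nothing is extracted
                exts = suffixes(member)
                if exts and exts[-1] in RISKY_EXT:
                    kind = "disguised-as-document" if set(exts[:-1]) & DOC_EXT else "executable"
                    findings.append(f"{kind}:{part.get_filename()}:{member}")
    return findings

def build_sample():
    """Constructed test message; nothing in it is taken from a real incident."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("exam_guidance.xlsx.js", "// inert placeholder")
    m = EmailMessage()
    m["From"] = "Department of Education <notices@example.invalid>"
    m["Subject"] = "Exam guidance for head teachers"
    m.set_content("Please review the attached guidance.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="exam_guidance.zip")
    return m.as_bytes()
```

A genuine .docx or .xlsx is itself a zip container, so the check inspects member names rather than flagging every zip-format attachment.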

Action Fraud have also warned teachers and head teachers to be mindful of what information is available on their public social media profiles, as data from the likes of Twitter, Facebook and LinkedIn could be harnessed by cybercriminals to help them get through to the specific target.

Schools should also ensure software is patched and up to date, be on the lookout for suspicious messages and regularly back up their data.

But educational establishments are far from the only UK public sector bodies being targeted by ransomware schemes; NHS hospitals have also been a target. One notable example is the Northern Lincolnshire and Goole NHS Foundation Trust, which saw a ransomware infection take three hospitals offline and force the cancellation of 2,800 patient appointments.

Ransomware has boomed during 2016, with the cost of ransomware attacks amounting to more than $1 billion during the year.

ZDNet contacted the City of London police for more information about the ransomware attacks and whether or not schools have been forced to pay up, but at the time of publication hadn't received a reply.

