Action Fraud is warning of ‘Department of Education’ ransomware: crooks are posing as government officials to trick people into installing ransomware.
This is a story of another string of cyber attacks that leverage ransomware to compromise victims’ machines.
Cyber criminals are targeting schools in the UK, asking victims to pay up to £8,000 to unlock encrypted documents.
The British Action Fraud is warning of fraudsters who are posing as government officials from the Department of Education in order to trick people into installing ransomware on their computers.
The crooks first cold call education establishments asking for the head teachers’ email addresses, then target them with malicious messages carrying zip attachments that supposedly contain sensitive information. The attachments contain the ransomware.
“Fraudsters are initially cold calling education establishments claiming to be from the “Department of Education”. They then ask to be given the personal email and/or phone number of the head teacher/financial administrator.” reads the advisory published by Action Fraud.
“The fraudsters claim that they need to send guidance forms to the head teacher (these so far have varied from exam guidance to mental health assessments). The scammers on the phone will claim that they need to send these documents directly to the head teacher and not to a generic school inbox, using the argument that they contain sensitive information.”
Educational establishments must be vigilant against this kind of threat and must check that their systems are up to date.
Action Fraud added that similar scams have been carried out by fraudsters claiming to be from the Department for Work and Pensions and telecoms providers. In both cases the cyber criminals target the head teacher.
How to avoid this kind of scam?
First of all, be vigilant about any suspicious activity, even when attackers seem to know your personal details or have details about your staff. In this specific case, note that the “Department of Education” is not a real government department. Hackers used it instead of the real name, the Department for Education.
Keep defense solutions and software (i.e. OS and applications) up to date.
Never open attachments in unsolicited emails or click on embedded links.
Make regular backups of your data. Be sure that the data are stored on an external storage system.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.