Schools have been warned to stay on guard after security experts discovered a new ransomware campaign targeting headteachers.
According to Action Fraud, cyber criminals are calling educational institutions and asking for staff members’ personal email addresses and phone numbers, claiming that they need to send them guidance forms that contain sensitive information.
The scammers claim that they are from the “Department of Education” – although the UK government’s department for schools is called the Department for Education.
The emails sent to headteachers and financial administrators contain .zip attachments that, if opened, will encrypt users’ files and demand up to £8,000 to restore access.
Action Fraud noted that similar recent scams have involved cyber criminals posing as the Department for Work and Pensions and telecoms providers to gain access.
School employees have been warned to be wary of phone calls asking for personal contact details, double-check callers’ alleged organisations and to avoid clicking on links or opening attachments in unsolicited emails and text messages.
In case ransomware does find its way onto their systems, they are also advised to run reliable anti-virus software, install software updates promptly and create regular backups.
Ransomware is a constant threat to businesses and consumers alike.
Just this week, businesses were warned about a variant called GoldenEye that is distributed to companies’ HR departments in emails designed to look like job applications.
And in December, cyber security experts uncovered a new type of ransomware called Popcorn Time, which gives users their files back for free if they can infect two of their friends.
“For enterprises, as well as the threat of Popcorn Time locking up corporate data, there is also a huge reputational risk if it emerges that employees are spreading it to others via their work email,” said Fraser Kyne, CTO for the EMEA region at Bromium. “This is clearly a board-level concern, so CISOs should be looking at what safeguards they can put in place to prevent it.”
For more on the school ransomware campaign, see the Action Fraud blog.