January 09, 2017
The UK's Action Fraud cybercrime reporting centre is warning educational institutions over cybercriminals cold-calling them, posing as government officials, and tricking them into installing ransomware on their systems.
The scam reportedly starts with the crooks calling education establishments claiming to be from the "Department of Education," and then asking them to provide the personal email and/or phone number of the head teacher/financial administrator. They will claim that they need to send guidance forms to the head teacher, which vary from exam guidance to mental health assessments. They ask for personal contact details and not a generic school inbox as they assert that the files contain sensitive information.
The attachment in question includes a .zip file potentially disguised as a Word or Excel document. Once the malicious code has been activated, it will install the ransomware thatencrypts the victim's files. According to Action Fraud, the scam has demanded up to £8,000 ($9828) in ransom money to unlock the files.
It is noted by the fraud reporting centre that the scam can be easily distinguishable as fake because the real name of the educational department is 'Department for Education,' instead of the preposition 'of.' This is something the attackers can easily fix so probably won't be a long term detection mechanism.
Cybercriminals have repeatedly been seen using fake documents as attack vectors for ransomware. Often cloaked as important documents, they contain macros where the ransomware is packaged. Although macros are disabled by default on apps like Microsoft Office, perpetrators convince victims to enable them by saying the real content will be revealed. This will activate the ransomware, wreaking havoc in the host PC.
With this story in consideration, it always pays to be careful of the emails we open, as many are out to deceive us. Creating an offline backup of your files can go a long way too, making sure that all files are safe, in case the worst scenario happens.