Action Fraud Alert
The UK's fraud and cybercrime centre ‘Action Fraud’ issued an alert recently that schools are being targeted by fraudsters using a form of malware known ‘ransomware’.
What is Ransomware?
Ransomware is a form of malware that typically encrypts important files on the victim’s computer. The victim is then given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway, and paying the ransom does not guarantee that any files will be released.
The Action Fraud alert and police warning relate to recent attempts by criminals to cold-call schools, claiming to be from the Department of Education. The object of the calls has been to obtain the email address of the head teacher / a senior staff member, with the excuse that forms containing sensitive information need to be sent to them. According to Action Fraud, the types of forms that fraudsters have claimed they need to send have varied; anything from exam guidance to mental health assessments.
Step Two - The Malware (Ransomware)
Once the email address of the head teacher / senior staff member has been obtained, a legitimate looking email is then sent that contains a zip file attachment which has been masked as an Excel or Word document. The attachment contains the ransomware. If the attachment is downloaded, key files on the computer are encrypted files (and often deleted, sometimes at timed intervals) and a demand for money is sent to the school to unlock the files. This type of attack is doubly disastrous for schools due to their data protection responsibilities and the fact that the data relates to children / vulnerable young people.
Example From America
An example of a very similar attack which took place at a Los Angeles School on New Year’s Eve resulted in unknown attackers using ransomware to encrypt hundreds of thousands of files affecting much of the campus' 1,800 staff and 20,000 students. The school, in this case, paid US$28,000 (in bitcoin currency) to release files.
2016 Was Ransomware Year
2016 was a huge year for ransomware attacks globally. For example, Kaspersky Labs estimated that in the 3rd quarter of 2016 a ransomware infection occurred every 30 seconds. Intel Security also reported that infections rose by more than a quarter in the first 3 months of the year.
What Does This Mean For Your Business?
For schools and businesses alike, it’s a case of always being on the lookout for suspicious emails, keeping security software up to date and regularly backing up critical data.
In order to provide maximum protection against more prevalent and varied threats this year, businesses should now adopt multi-layered security solutions. Businesses should accept that there is a real likelihood that they will be targeted and therefore prepare for this by implementing the most up to date security solutions, virtual patching and education of employees in order to mitigate risks from as many angles ('vectors') as possible.
Having workable and well communicated Disaster Recovery and Business Continuity Plans in place is now also an important requirement.