Ransomware in 2020 brought new angles and targets, including more cyber threats to schools. Digital attackers may have impersonated parents in a new attempt to get teachers to open ransomware.

When Ransomware Masquerades as a Class Assignment

At the beginning of October last year, Proofpoint flagged an email campaign using subject lines such as ‘Son’s Assignment Upload,’ ‘Assignment Upload Failure for [Name]’ and ‘[Name]’s Assignment Upload Failed.’ The scam mainly targeted teachers whose emails the attackers might have pulled off of public faculty listings on school websites. The body of the attack emails appeared to be written by the parent of one of the recipient’s students.

Using this disguise, the ‘parent’ told the recipient that their child had been unable to submit their class assignment “the usual way you guys do it.” They then said that their child had instructed them to email the assignment to their teacher because they “didn’t want to be marked late.”

Once opened, the document used Remote Template Injection to download a macro-laden document.

Enabling those macros caused the campaign to download malware executables from a free code hosting service. The macros also used a free web bug service to notify the attackers via SMS or email whether the downloaded executables had started up.

Those executables then loaded a custom ransomware strain written in the Go programming language.

The threat appended the ‘.encrypted’ extension to the names of all the files that it encrypted. It then dropped a ransom note entitled ‘About_Your_Files.txt’ on the infected machine’s desktop. This message instructed the recipient to pay $80 in bitcoin.

At the time of Proofpoint’s analysis, no one had posted a payment to the bitcoin address from the ransom note.

The Education Sector Under Attack

As schooling moved online, more threat actors saw it as a hunting ground. Ransomware attacks in this sector surged between the second and third quarters of 2020. Emsisoft found that eight colleges, universities and schools suffered a ransomware attack in Q2 2020. The next quarter, that number jumped to 31 incidents — a growth rate of 388% for ransomware in 2020.

The public school district in Hartford, Connecticut delayed its first day back for students after ransomware attackers compromised approximately 200 city servers. Some of those affected assets served the school, reported The New York Times. Others were in use by emergency personnel.

Near the end of September, a ransomware attack hit the Clark County School District in Las Vegas, Nevada. When school officials refused to pay the ransom, those responsible for the attack responded by publishing stolen Social Security numbers, student grades and other private data.

A few weeks later, both the Yorktown and Croton-Harmon school districts in New York experienced ransomware attacks that affected their laptops and desktops. Around the same time, the Springfield Public Schools district in Massachusetts temporarily closed schools while law enforcement investigated a ransomware attack.

How to Defend Against Ransomware Attacks on Schools

The campaigns described above highlight the need for defenses against ransomware threats. Educational institutions can do this by monitoring the network for signs of attackers using a compromised work account. In particular, they can leverage user behavior analytics to quickly respond to instances where an account appears to be engaging in suspicious behavior involving company data or systems.

Organizations also need to prepare themselves for the possibility of ransomware threats. In particular, invest in creating an incident response team and an incident response plan for school ransomware attacks. IT departments can test those assets on an ongoing basis.

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today