Ransomware in 2020 brought new angles and targets, including more cyber threats to schools. Digital attackers may have impersonated parents in a new attempt to get teachers to open ransomware.

When Ransomware Masquerades as a Class Assignment

At the beginning of October last year, Proofpoint flagged an email campaign using subject lines such as ‘Son’s Assignment Upload,’ ‘Assignment Upload Failure for [Name]’ and ‘[Name]’s Assignment Upload Failed.’ The scam mainly targeted teachers whose emails the attackers might have pulled off of public faculty listings on school websites. The body of the attack emails appeared to be written by the parent of one of the recipient’s students.

Using this disguise, the ‘parent’ told the recipient that their child had been unable to submit their class assignment “the usual way you guys do it.” They then said that their child had instructed them to email the assignment to their teacher because they “didn’t want to be marked late.”

Once opened, the document used Remote Template Injection to download a macro-laden document.

Enabling those macros caused the campaign to download malware executables from a free code hosting service. The macros also used a free web bug service to notify the attackers via SMS or email whether the downloaded executables had started up.

Those executables then loaded a custom ransomware strain written in the Go programming language.

The threat appended the ‘.encrypted’ extension to the names of all the files that it encrypted. It then dropped a ransom note entitled ‘About_Your_Files.txt’ on the infected machine’s desktop. This message instructed the recipient to pay $80 in bitcoin.

At the time of Proofpoint’s analysis, no one had posted a payment to the bitcoin address from the ransom note.

The Education Sector Under Attack

As schooling moved online, more threat actors saw it as a hunting ground. Ransomware attacks in this sector surged between the second and third quarters of 2020. Emsisoft found that eight colleges, universities and schools suffered a ransomware attack in Q2 2020. The next quarter, that number jumped to 31 incidents — a growth rate of 388% for ransomware in 2020.

The public school district in Hartford, Connecticut delayed its first day back for students after ransomware attackers compromised approximately 200 city servers. Some of those affected assets served the school, reported The New York Times. Others were in use by emergency personnel.

Near the end of September, a ransomware attack hit the Clark County School District in Las Vegas, Nevada. When school officials refused to pay the ransom, those responsible for the attack responded by publishing stolen Social Security numbers, student grades and other private data.

A few weeks later, both the Yorktown and Croton-Harmon school districts in New York experienced ransomware attacks that affected their laptops and desktops. Around the same time, the Springfield Public Schools district in Massachusetts temporarily closed schools while law enforcement investigated a ransomware attack.

How to Defend Against Ransomware Attacks on Schools

The campaigns described above highlight the need for defenses against ransomware threats. Educational institutions can do this by monitoring the network for signs of attackers using a compromised work account. In particular, they can leverage user behavior analytics to quickly respond to instances where an account appears to be engaging in suspicious behavior involving company data or systems.

Organizations also need to prepare themselves for the possibility of ransomware threats. In particular, invest in creating an incident response team and an incident response plan for school ransomware attacks. IT departments can test those assets on an ongoing basis.

More from Data Protection

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read

IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market

3 min read - KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures today’s solutions and why it’s important for you to have a data security platform that you trust. The Transformation of the Data Security Industry As digital transformation continues to expand, the impact it has had on enterprises is very apparent when…

3 min read

SaaS vs. On-Prem Data Security: Which is Right for You?

2 min read - As businesses increasingly rely on digital data storage and communication, the need for effective data security solutions has become apparent. These solutions can help prevent unauthorized access to sensitive data, detect and respond to security threats and ensure compliance with relevant regulations and standards. However, not all data security solutions are created equal. Are you choosing the right solution for your organization? That answer depends on various factors, such as your industry, size and specific security needs. SaaS vs. On-Premises…

2 min read

Understanding the Backdoor Debate in Cybersecurity

3 min read - The debate over whether backdoor encryption should be implemented to aid law enforcement has been contentious for years. On one side of the fence, the proponents of backdoors argue that they could provide valuable intelligence and help law enforcement investigate criminals or prevent terrorist attacks. On the other side, opponents contend they would weaken overall security and create opportunities for malicious actors to exploit. So which side of the argument is correct? As with most debates, the answer isn't so…

3 min read