Ransomware sleazeballs target UK schools

Cybercrooks are targeting UK schools, demanding payments of up to £8,000 to unlock data they have encrypted with malware. Action Fraud warns that fraudsters are cold-calling schools claiming to be from the Department of Education and asking for the head teachers’ email addresses. Crooks then send booby-trapped emails with …

  1. Anonymous Coward

    but can restore their data smoothly in the event of a ransomware incident,

    And there is the crux of the matter - using a tested backup for the restore process. Now if a certain London university had tested backups maybe they wouldn't have had so much grief.

  2. Doctor Syntax Silver badge

    cold-calling schools claiming to be from the Department of Education and asking for the head teachers’ email addresses

    "It's our policy not to give such information over the phone. Please write." should be the standard response. Making it should be a reflex action.

    1. DNTP

      Re: standard response

      I've said it before: the point at which this great idea fails is the point at which a management higher-up decides the security rules don't apply to him, then gets some poor first-line rep sacked for insisting on protocol. Good luck getting anyone to follow the protocol after that.

      1. billat29

        sleazeballs target UK schools

        Let me see:

        Department FOR education

        standard for head's email is head@

        DfE have it anyway.

        Oh wait!

        Andrew Stuart, managing director of backup and disaster recovery vendor Datto.....

        another El Reg advertorial

        1. Lazlo Woodbine

          Re: sleazeballs target UK schools

          That's the case for Primary schools, for secondary schools there doesn't seem to be any consistency

          1. katrinab Silver badge

            Re: sleazeballs target UK schools

            Most primary schools have a headmistress rather than a headmaster.

      2. Doctor Syntax Silver badge

        Re: standard response

        "I've said it before: the point at which this great idea fails is the point at which a management higher-up decides the security rules don't apply to him"

        It's up to senior management to set the policy. If they don't set it and follow it they've nobody else to blame.

    2. Danny 14 Silver badge

      Or just look on the website where there is usually an email address. Or just headmaster@schooladdress.sch.uk

    3. x 7

      "It's our policy not to give such information over the phone. Please e-mail."

      FIFY

  3. Lazlo Woodbine

    Called me twice this week

    Got a call from these bastards on Wednesday.

    "Hello this is Mary from Department of Education, I need to contact your IT manager, can you let me have his email address."

    "If you're really from the Department for Education then they should already have our proper contact email details,"

    She put the phone down.

    She called back on Thursday

    "Hello this is Mary from the Department of Communications, I need to contact your IT manager, can you let me have his..."

    I didn't let her finish the sentence.

    Note to scammers:

    It's the Department For Education, not Of

    There is no Department of Communications...

    1. Anonymous Coward

      Re: Called me twice this week

      Good work, Agent Woodbine! It seems she slipped up and let her real name out. Now, we just need to track this Mary down and she's nicked! I'll alert Inspector Tiger of Scotland Yard straight away! Bob's your uncle!

    2. Doctor Syntax Silver badge

      Re: Called me twice this week

      "If you're really from the Department for Education then they should already have our proper contact email details,"

      She put the phone down.

      For occasions like this, keep a list of addresses of the more recent SEO etc spammers from your junk folder. They're all in the same line of work, no reason why they shouldn't occasionally be introduced to each other.

  4. Anonymous Coward

    Stop using Windows, at least run it in a VM so you can use snapshots etc.

    1. Martin Summers Silver badge

      Meanwhile, back in the real world...

    2. DNTP

      Your suggestion is often equivalent to fixing one little bolt on a machine that has numerous more fundamental flaws. It might not be a bad idea in the abstract, but a company with an extremely hardened IT system is still vulnerable without an institutional culture trained and enforced to match.

  5. Walter Bishop Silver badge
    Linux

    Cybercrooks are targeting UK schools

    Cybercrooks are targeting UK schools .. how exactly .. please provide technical details?

  6. John H Woods

    Stop with the network shares please ...

    It seems to me that nearly every network share I have ever come across would have been more useful as a version control system than a big dumb file storage area. Even before ransomware became a big issue, the increased auditability and resistance to user error seemed compelling advantages.

    If I had to secure a network share, in the quickest and cheapest possible manner, I'd think about scheduling a job to nondestructively* copy all the files in it to a nonshared filesystem on a regular basis.

    It's not a substitute for regularly made and regularly tested backups, but it might expedite getting prior copies of ransomed files back.

    * using some system to prevent existing files being overwritten with new versions (even just something like rsync --backup --suffix `date +%Y%m%dT%H%M%S` would do the trick)
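
The non-destructive copy described in the comment above, as an added example that is not part of the original post. It reproduces the behaviour of the quoted rsync options with `find`, `cmp`, `mv` and `cp` so it runs where rsync is absent; the function names and the share and archive paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original comment): copy a share into an archive
# without ever overwriting or deleting what the archive already holds.

# snapshot_share SRC DST [STAMP]
# For each regular file under SRC: if DST has no copy, copy it; if DST has an
# identical copy, skip it; if DST has a different copy, rename that copy to
# "<name>.<STAMP>" first. STAMP defaults to the current time, in the same
# format as the comment's `date` call (one-second granularity).
snapshot_share() {
    src=$1; dst=$2; stamp=${3:-$(date +%Y%m%dT%H%M%S)}
    (cd "$src" && find . -type f) | while IFS= read -r rel; do
        rel=${rel#./}
        target="$dst/$rel"
        mkdir -p "$(dirname "$target")"
        if [ -f "$target" ]; then
            if cmp -s "$src/$rel" "$target"; then
                continue                      # unchanged since last run
            fi
            mv "$target" "$target.$stamp"     # keep the superseded version
        fi
        cp -p "$src/$rel" "$target"
    done
}

# latest_previous DST REL
# Print the newest preserved version of REL (relative path), or nothing.
# The stamp format sorts lexicographically, so plain sort is enough.
latest_previous() {
    ls -1 "$1/$2".[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]T[0-9][0-9][0-9][0-9][0-9][0-9] \
        2>/dev/null | sort | tail -n 1
}

# Run as a script: snapshot.sh /path/to/share /path/to/archive
if [ "$#" -ge 2 ]; then
    snapshot_share "$1" "$2"
fi
```

Because nothing in the archive is deleted, a file that is overwritten, renamed or removed on the share still has its last good copy there, provided the archive sits on a filesystem the share's clients cannot write to.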

  7. cantankerous swineherd
    Trollface

    these guys are to be commended. destroying data held by schools will improve civil liberties and the quality of education.

  8. Anonymous Coward

    What are the system requirements for this malware? Microsoft Windows ?

  9. 0laf Silver badge

    Up here

    North of the wall all state schools are run directly by local authorities which (should) mean proper backups are in place and any ransomware attack is doomed to be an irritation rather than a disaster.

    I've heard some real horror stories from guys in the south about free schools i.e. IT run by the pupils. I wouldn't be shocked to find out some of those schools have paid up in ransomware attacks.

    Smaller independent schools are probably at much greater risk as well.

    1. Andy The Hat Silver badge

      Re: Up here

      South of the wall the divide and conquer Academy system means that some schools have IT management, others just have old computers on desks that a computer pixie will fix at some point - usually just before Ofsted are due ...

      Watching a finance manager literally building a new workstation on his desk with not even a nod to the god of static but knowing your pay packet relies on that machine makes the skin crawl a bit ...
