"Ransomware in the Remote Era: Attackers Impersonate Parents to Target Teachers"
Cybercriminals have impersonated parents to trick teachers into falling victim to ransomware attacks. In October of last year, Proofpoint researchers discovered a malicious email campaign that used subject lines in relation to class assignments. The emails appeared to come from parents who wanted to submit their child's assignment because the usual submission process had failed. Attackers may have pulled teachers' emails from public listings on school websites. The emails contained a malicious document that downloads a custom ransomware payload. According to researchers, the ransomware strain delivered in this campaign was written in the Go programming language. Victims were instructed to pay $80 in bitcoin. Ransomware attacks in the education sector increased significantly between the second and third quarters of 2020. In another incident last year, a public school district in Hartford, Connecticut, suffered a ransomware attack on its city servers, which delayed the first day of school for students. Such campaigns emphasize the need for the educational sector to strengthen its defenses against ransomware threats. Educational institutions are encouraged to increase network monitoring to better detect signs of attackers that have compromised work accounts. Behavioral analytics could be leveraged to increase the speed at which organizations respond to situations where an account appears to be exhibiting suspicious behavior involving data and systems. This article continues to discuss findings surrounding the October 2020 email campaign in which parents were impersonated to deliver ransomware to teachers, as well as other notable ransomware attacks faced by the education sector, and how educational institutions can defend against such attacks.