Schools warned over cold-calling ‘ransomware’ scam

Schools warned over cold-calling 'ransomware' scam

Fraudsters posing as government officials are contacting schools in attempts to hold important computer files to ransom, police have said.

Action Fraud has issued an alert following “numerous reports” of attempts to inflict ‘ransomware’ – which encrypts important files until a ransom is paid – on school computer systems using cold calling and confidence trickery.

According to police, fraudsters call schools claiming to be from the ‘Department of Education’, ask for the personal email and/or phone number of the head teacher or financial administrator and then send damaging files.

Do not pay extortion demands as this only feeds into criminals’ hands” – Action Fraud

Scammers reportedly claim they need to send guidance forms to the headteacher, varying in subject from exam guidance to mental health assessments.

They then claim they need to send these documents directly to the head and “not to a generic school inbox”, arguing that they contain sensitive information.

Emails include zip files containing ransomware which once downloaded encrypt files and demands up to £8,000 to recover them.

The scam is similar to another seen by schools, from fraudsters claiming to be from the Department for Work and Pensions and telecoms providers.

Schools are being told that although having up-to-date virus protection is essential, it will not always prevent them from infection.

Police are warning schools that although scammers may know personal details about headteachers to convince staff they are genuine, they should be mindful of where they have been obtained from, for example, a public-facing school website.

They also urged schools to listen out for scammers describing their employer as the ‘Department of Education’, rather than the correct ‘Department for Education’.

Officers have also issued the following advice…

  • Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages.
  • Do not pay extortion demands as this only feeds into criminals’ hands, and there’s no guarantee that access to your files will be restored if you do pay.
  • If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk.