Fraudsters demand £8000 from UK schools to unlock encrypted data

News by Danielle Correa

Fraudsters are now targeting UK schools and demanding payments to unlock data they have encrypted with malware.

Fraudsters are now targeting UK schools and demanding payments to unlock data they have encrypted with malware.

UK police have issued warnings that fraudsters are cold calling schools claiming to be from the “Department of Education”, and asking for personal email addresses of the headteacher or financial administrator, claiming they need to send documents containing sensitive information.

The crooks then send damaging files to the personal email addresses rather than a generic school inbox in the hope it will bypass standard security measures. .

The emails include zip files containing ransomware, which once downloaded encrypt files and demand payments of up to £8000 to recover them.

UK police have issued the following guidance for schools:

  • Be mindful of where the fraudsters have obtained personal details from, such as a public-facing school website.

  • Listen for scammers describing their employer as the ‘Department of Education' rather than the correct government department, the ‘Department for Education'.

  • Don't click on links or open attachments received in unsolicited emails or SMS messages.

  • Don't pay extortion demands as there is no guarantee that access to files will be restored.

  • Always install software updates as soon as they become available.

  • Backup your data to protect against ransomware and other data catastrophes.

  • Report this and any other scams to Action Fraud by calling 0300 123 2040 or visiting

In emailed commentary to SC Media UK, Andrew Stuart, managing director at Datto said, “Unscrupulous hackers see ransomware as a business, and have already been known to exploit hospitals and even charities, so schools were always possible targets. It is vital that schools review their data backup procedures to ensure that they not only have copies of all critical data, but can restore their data smoothly in the event of a ransomware incident. Backup itself is just the first step; if you have the ability to recover lost data quickly, you can keep your business or school functioning with minimal downtime and interruption, and without paying a ransom.”

“We would advise schools not to pay, as our own research has shown that a quarter of businesses do not receive their data even after payment. A blended security approach is what schools need – educate your users, update all software to the latest patched versions, install a decent AV, and most importantly ensure you have backups in place.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews