Data Security & Remote Learning

Attacks Disguise Malware as Student Assignments

Researchers have identified a new security risk that takes advantage of remote learning to launch a ransomware attack from a teacher’s computer. The attack attempts to trick teachers into opening fake student assignments, which, when opened, can download, install and activate the malware.

The attack, from a person or group calling themselves “employer21,” emails a fake assignment to a teacher. The assignment, according to researchers at Proofpoint, contains macros that, when activated, will download and run software that encrypts files on the victim’s computer. A notice then opens up demanding $80 in bitcoin.

Email-based attacks by employer21 were observed in early October. As of the publication of Proofpoint’s report, it appeared no bitcoin payments had been received.

According to the report: Students and school systems have faced unique problems in 2020, and these messages take advantage of widespread technological difficulties accompanying online learning. The messages are well crafted with a clear understanding of what would appeal to recipients, though as of this writing, Proofpoint researchers have not observed any payments posted to the ransom note Bitcoin address. While this campaign was very small, it’s possible that this and other actors will continue using themes of technology issues and online learning to lend legitimacy and urgency to their lures.”

A complete breakdown of the employer21 malware can be found on Proofpoint’s site.

About the Author

David Nagel is editorial director of 1105 Media's Education Technology Group and editor-in-chief of THE Journal and STEAM Universe. A 25-year publishing veteran, Nagel has led or contributed to dozens of technology, art and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at or follow him on Twitter at @THEJournalDave (K-12) or @CampusTechDave (higher education).


Whitepapers