Attacks Disguise Malware as Student Assignments

Researchers have identified a new security risk that takes advantage of remote learning to launch a ransomware attack from a teacher’s computer. The attack attempts to trick teachers into opening fake student assignments, which, when opened, can download, install and activate the malware.

The attack, from a person or group calling themselves “employer21,” emails a fake assignment to a teacher. The assignment, according to researchers at Proofpoint, contains macros that, when activated, will download and run software that encrypts files on the victim’s computer. A notice then opens up demanding $80 in bitcoin.

Email-based attacks by employer21 were observed in early October. As of the publication of Proofpoint’s report, it appeared no bitcoin payments had been received.

According to the report: Students and school systems have faced unique problems in 2020, and these messages take advantage of widespread technological difficulties accompanying online learning. The messages are well crafted with a clear understanding of what would appeal to recipients, though as of this writing, Proofpoint researchers have not observed any payments posted to the ransom note Bitcoin address. While this campaign was very small, it’s possible that this and other actors will continue using themes of technology issues and online learning to lend legitimacy and urgency to their lures.”

A complete breakdown of the employer21 malware can be found on Proofpoint’s site.

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • abstract geometric pattern of glowing interconnected triangles, hexagons, and circles in blue, gold, and white, spread across a dark navy-to-black gradient background

    OpenAI Introduces 'Operator' AI for Performing Web Tasks

    OpenAI has announced "Operator," an AI agent designed to perform web-based tasks autonomously using its own browser. Currently available as a research preview for Pro users in the United States, the tool aims to automate everyday activities such as filling out forms, ordering groceries, and even creating memes.

  • digital illustration of Estonia with glowing neural network-like connections spreading across the map

    Estonia to Roll Out ChatGPT Edu for all Secondary Schools

    In a nationwide artificial intelligence program dubbed "AI Leap 2025," the country of Estonia plans to provide free access to leading AI applications for all secondary school students and teachers. The initiative will launch with a rollout of ChatGPT Edu to 20,000 high school students in grades 10-11 and their 3,000 teachers, beginning Sept. 1.

  • glowing digital brain made of blue circuitry hovers above multiple stylized clouds of interconnected network nodes against a dark, futuristic background

    Report: 85% of Organizations Are Leveraging AI

    Eighty-five percent of organizations today are utilizing some form of AI, according to the latest State of AI in the Cloud 2025 report from Wiz. While AI's role in innovation and disruption continues to expand, security vulnerabilities and governance challenges remain pressing concerns.

  • DreamBox Math

    Discovery Education Announces Accessibility Enhancements for DreamBox Math

    Discovery Education has updated DreamBox Math, an online math program for K–8 students to supplement core instruction, to improve accessibility for K–5 students, according to a news release. DreamBox Math provides personalized instruction by adapting to individual learners’ responses and providing an engaging, dynamic learning environment.