Guidance for schools on managing and dealing with malware

If you’re a school looking for advice on how to manage and deal with malware, we’ve put together some helpful information and resources.

Remediation for malware removal

  • Do NOT Panic – keep a clear mind and work through what you need to do.
  • Isolate the host from the network and scan it for malware.
  • If malware is found, either attempt to remediate the infection with anti-virus software, or format the hard drive and reinstall the operating system and all applications from known, good media.
  • Ensure that the host has the latest patches and updates installed. This especially applies to Oracle Java, Macromedia Flash Player, Adobe Acrobat/Reader, any browsers (Internet Explorer, Google Chrome, Mozilla Firefox, etc.), and the operating system itself.

Find out more in our Malware removal post.

Also see Jisc’s guide on infected or compromised hosts.

How to protect yourself from ransomware

Ransomware is a type of malware (malicious software) that has gained notoriety due to high profile cases of companies being infected and forced to pay a ransom.

When browsing:

  • Don’t download any unapproved software, especially from free sources. There have been some ransomware variants that pose as software, even appearing in trusted application stores like Apple’s App Store.
  • Do not click on advertisements. Ransomware is commonly delivered through malvertisments (malicious advertisements). Cybercriminals will compromise a website’s ad with programs that when clicked can cause ransomware to download onto your computer.

For email:

  • Check who the email is from. Is the email from someone you don’t normally communicate with? Is the email uncharacteristic for someone within your organisation? Is the address from a domain you don’t recognise? If the email appears to be from a credible source, such as a bank or internet service provider, verify with the organisation that the message is legitimate. If the email came from a personal contact, verify the email came from them.
  • Check the content of the email. Does this email seem to come out of nowhere? Is it referencing some previous communications, meeting, or dialogue that you are not aware of? Is the email a reply or a forward that you were not involved in or expecting? Is there bad grammar or spelling?
  • Do not click links or open attachments. Does the link or attachment not make sense based on the sender? Does the link or attachment claim to be exposing something embarrassing for you? Does the link or attachment claim to be protecting you from some negative consequence? If you hover over the link, does the website being displayed match the link? It is best practice to search for the link on your own in a browser rather than clicking on the link.

Read more about ransomware and what to do if you get infected.

Emotet TrikBot

Emotet was originally designed as a banking trojan (stealing account credentials) but has evolved to supporting spamming on its own as well as the downloading of other malware.

Emotet is also an uploader. Traditionally the payloads have mostly been banking Trojans, with TrickBot being the most prevalent. Other payloads have included Qbot, Dridex, IcedID. There is also a connection between Emotet and a very dangerous targeted ransomware family called BitPaymer.

Get more information on this botnet and mitigation strategies.

FREE Malwarebytes Incident Response software

We are proud to be able to offer our valued customers industry-leading threat detection and remediation for FREE.

Find out more and apply for your licences.

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners