Schools find malware on laptops given out for home schooling

Malware appears to be contacting Russian servers, claim teachers

Malware has been found on some laptops given out by the government to aid home-schooling during lockdown, several news media have reported.

Teachers from a Bradford school first raised the issue through an online IT forum, claiming that they had found suspicious files on devices sent to their school.

The malware appears to be contacting Russian servers, they said.

The Department of Education said it has launched an investigation into the issue.

A DfE official told BBC News: "We are aware of an issue with a small number of devices. And we are investigating as an urgent priority to resolve the matter as soon as possible.

"DfE IT teams are in touch with those who have reported this issue."

"We believe this is not widespread."

Meanwhile, a spokesperson told The Guardian that the malware was detected and removed when schools first turned the devices on.

"We take online safety and security extremely seriously and we will continue to monitor for any further reports of malware. Any schools that may have concerns should contact the Department for Education."

A post in the online IT forum, where the issue was originally raised, believes the laptops contained the Gamarue Worm, a strain of malware that was first identified by Microsoft in 2012.

The government has promised to supply 1.3 million devices under the Get Help with Technology programme to children in England whose learning has been affected by a lack of IT equipment during national lockdowns.

More than 800,000 laptops have been delivered to schools so far, the government claims.

According to a source from the Daily Telegraph, around 10 per cent of laptops received by schools could be contaminated with viruses.

Urgent action is needed to ensure that infected machines are not being used by vulnerable children and their families, according to Oliver Cronk, chief IT architect at endpoint cybersecurity vendor Tanium.

"Just one use of an infected device could be enough to steal a user's credentials, academic work, photos or payment information. It's clear these machines have not been wiped or updated properly and this raises concern around what else might be present on them, as well as how long these vulnerable children will now be left without devices if they've been compromised and need to be cleaned up," he said.

"Schools should work with authorities to identify how many of the 800,000 devices that have been given out contain the malware. Then they must also assess if it's just pupils' devices that have been compromised or teachers too, as this would cause further problems. We must remember that these efforts are necessary if we are to best protect our children and the unprecedented amount of sensitive information that they are currently uploading to school networks which are often fragile."