Security News > 2021 > June > Remote Access Trojan now targeting schools with ransomware
Dubbed ChaChi by researchers at BlackBerry, the RAT has recently shifted its focus from government agencies to schools in the US. A Remote Access Trojan is targeting schools and universities with ransomware attacks.
Specifically, ChaChi has been discovered in data breaches of K-12 schools and higher education facilities in the U.S. as well as the U.K. SEE: Special report: A winning strategy for cybersecurity.
The attackers gain lateral movement throughout the network using such tools as Remote Desktop Protocol and PsExec.
Initially spotted during the first half of 2020 without much hubbub, the first variant of ChaChi was used to attack networks of government agencies in France and was considered an indicator of compromise by CERT France, BlackBerry said.
Cybercriminals often target schools because they know they're ripe for attack.
"Cybersecurity attacks have ramped up in volume and ferocity since the COVID-19 pandemic began a year ago," BlackBerry VP of Research and Intelligence Eric Milam told TechRepublic.