UK Government Hands Out Malware Ridden Laptops to Schools

Child sitting on the couch at home using computer

The Department for Education (DfE) committed to handing out 1.3 million laptops and tablets to support disadvantaged students during lockdown. 800,000 of these devices have already been delivered to schools. However, a number of refurbished laptops were found to be infected with a malicious computer virus.

Free Devices for Disadvantaged Children

In August 2020, the UK government announced their ‘Get Help with Technology Program’. As part of this initiative, the Department for Education has been providing laptops, tablets and 4G wireless routers to schools. These devices are meant to help vulnerable children access remote education. Parents, carers and pupils cannot apply for this program directly but can discuss their needs with the school.

For the time being, educational facilities in the UK remain closed to the majority of students. They all offer remote learning instead. The only exception are the children of key workers and vulnerable children who don’t have access to a laptop at home or a quiet place to attend online classes and study. These students can still attend school.

The government engaged three IT resellers to refurbish and distribute computing equipment to schools as quickly as possible. So far, more than 800,000 laptops and tablets have been delivered. The government said that extra funding would be available going forward and that more laptops would be provided. Another half a million devices are expected to be distributed in the upcoming weeks. The UK Office of Communications (Ofcom) estimates that up to 1.78 million children in the UK don’t have access to a computer.

Laptops Infected with Malicious Worm Virus

Some of the laptops given out to schools, however, turned out to be infected with a computer virus. Several teachers shared details on an online forum about suspicious files found on several devices sent to a school in Bradford. Other schools have also come forward, including a school in West Yorkshire and one in Lincolnshire.

It emerged that the virus was a self-propagating network worm called Gamarue.I. This worm communicates mainly with Russian servers and can download and install other viruses and other malware, including spyware. Of the schools that reported having infected devices, ten percent of their laptops are said to have the virus. At this stage, it is not known whether any children received infected laptops.

An investigation has been launched. According to the Department for Education only a handful of schools reported the issue. As all Windows devices have antivirus software already installed, the worm should be destroyed during the setup process. In all known cases, the malware was detected and removed when schools first turned on the devices and thus before they were sent to students. Nonetheless, the presence of the worm is concerning, as the devices should have been completely scraped before being sent to schools.

What Can the Gamarue Worm Do?

Gamarue is an invasive and severe malware strain. The worm was first identified by Microsoft in 2012. Usually, devices get infected when someone clicks on a malicious email or either connects an infected USB stick or external hard drive to a computer and opens a malicious file.

The worm can literally take over someone’s device. It can change a devices’ security settings, download malicious files from the internet and install them. Moreover, it is able to make registry changes. It does this to avoid needing permission to, for example, add browser redirects or adware. Or to be able to launch other malware it installs on start-up.

This leaves the victim vulnerable to all sorts of scams and cybercrimes. Hackers could harvest personal information on the device, including passwords and banking details. A variant of Gamarue was previously used in a botnet downed in 2017 by the FBI, Europol and cybersecurity companies.

IT communication specialist
Sandra has many years of experience in the IT and tech sector as a communication specialist. She's also been co-director of a company specializing in IT, editorial services and communications project management. For VPNoverview.com she follows relevant cybercrime and online privacy developments.