Skip to content
Signals
Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time
Dragons Community
← Campaigns
DormantTLP:GREENConfidence: Medium

Operation EduLock

First seen March 1, 2026 · Last seen May 10, 2026

Public preview

Summary and targeting visible. Pro adds TTP and actor context, Pro+ adds IOC exports and enrichment.

Plans →

Summary

Ransomware campaign specifically targeting educational institutions during enrollment and exam periods. Exploits weak remote access configurations.

Target Sectors

Education

Target Regions

Western EuropeNorth America

Safety Note

Fictional campaign targeting education sector. No real institution names or ransom details included.

Actions

View pricing

Threat Actors

VoidLock Collective

ransomware · Eastern Europe (assessed)

Malware Used

VoidCrypt

ransomware

MITRE ATT&CK Techniques

T1486Data Encrypted for Impact

Impact

Maintain offline backups. Monitor for mass file modification events. Restrict execution of unknown binaries. Implement endpoint detection for encryption behavior.

T1133External Remote Services

Initial Access

Enforce MFA on all remote access. Restrict VPN/RDP to allowlisted networks where possible. Monitor remote access logs for anomalies. Patch remote access infrastructure promptly.

T1059.001PowerShell

Execution

Enable PowerShell logging (ScriptBlock, Module, Transcription). Restrict PowerShell execution policy. Deploy AMSI-aware endpoint protection. Monitor for encoded command execution.

Related Ransomware Groups

VoidLock

Active · Healthcare, Manufacturing, Education

Related IOCs

192.0.2.200

IP Address · Expired

Recent Feed Items

Operation EduLock ransomware campaign enters dormancy

campaign update · low

Related Intelligence

Threat Actors

Threat ActorsAttributedHigh

DataFreedom Alliance

DataFreedom Alliance is a mock hacktivist collective that conducts website defacement and data leak campaigns against government and corporate targets. The group communicates through public channels. All details are fictional.

hacktivist · Unknown / Decentralized

MITRE ATT&CK

MITRE ATT&CKUsesHigh

T1486: Data Encrypted for Impact

Adversaries encrypt data on target systems to interrupt availability and extort payment.

Impact

Static mock relationships for demonstration. Not AI-generated or externally enriched.