The summer months often see a rise in ransomware attacks against schools, colleges and universities in the UK as cybercriminals turn their attention to a sector that is focused on delivering exam results and preparing for the return of students for the new academic year.
In June 2021, the National Cyber Security Centre (NCSC) issued an alert to the sector to encourage organisations to protect their networks to prevent ransomware attacks.
Dealing with a ransomware attack can devastate organisations, with victims requiring significant recovery time to recover critical services. These attacks can also be high-profile, with wide public and media interest following the story.
Some recent incidents in the education sector involving ransomware have led to the loss of school financial records, student coursework and other data. It's vital that organisations have up-to-date and tested offline backups. Nurseries and Childminders are not safe from attacks either; they're also appealing targets for Cyber-Attackers
Ransomware Attacks on Schools on the Isle of Wight
Back in August 2021, the BBC reported that six schools were hit by a cyberattack that prevented their staff from accessing their computer systems. The Isle of Wight Education Federation saw its IT systems become compromised by the ransomware attack, which encrypted its data.
As a result of the attack, Lanesend Primary School saw its pupils start their new academic year three days later than planned. Local Police and Authority, the Department for Education, Cyber support and various ICT system providers came together to ensure that necessary and appropriate systems were in place for the new academic year.
Myerscough College came under attack by Ransomware
In 2021, Myerscough College contacted Cyber Resilience Centre after first contacting Lancashire Police to report the crime when they found themselves dealing with a targeted ransomware attack.
“Myerscough are thankful for the help of the Cyber Resilience Centre and SaaSAge who have worked with us to get our systems back online following this targeted ransomware attack. After dealing with this ransomware attack, we feel the college and our staff are now better educated and equipped with the tools to deal with any future cyber-attack.” - Ian Brown, Director of IT & MIS @ Myerscough College
The Cyber Resilience Centre helped to quickly connect Myerscough College with our former Cyber Essentials Partner SaaSAge, who has assisted the college in recovering data and getting systems back online following the ransomware attack.
Detective Superintendent Neil Jones, Director of the North West Cyber Resilience Center, commented, “Myerscough College is just one of several local education establishments which have been targeted in recent months. The Cyber Resilience Centre was happy to work with them and put them in touch with SaaSAge, who implemented their Business Continuity Team to work with the college to restore their systems and put measures in place for the college to be better prepared for any future similar attack."
"It should be noted that Myerscough College took the appropriate steps in reporting this crime to Lancashire Police. If your business faces a ransomware demand, do not pay the ransom funds and report the attack. ”
What should you do if you're attacked?
Your organisation should ensure you have an incident response plan, which includes a scenario for a ransomware attack; make sure you test this out throughout the year. But having an up-to-date and tested offline backup is the most effective way to recover from a ransomware attack
Police Forces in the North West and all law enforcement do not encourage, endorse, or condone the payment of ransomware demands. If you ignore this guidance and pay the ransom:
There is no guarantee that you will gain access to your data or device(s).
Your computer(s)/network could still be infected.
You will be paying a criminal group.
You're more likely to be targeted again in the future.
We encourage any victim to first report the incident to Action Fraud, then reach out to us here at the Cyber Resilience Centre, and we can help you take the next steps. We have the expertise and cyber essentials partners who can educate, help and guide you on the best path to defend your school, college or university against any further attacks.
We've launched a dedicated area of resources to support the education sector. Following our guidance (and guidance from the NCSC) will significantly increase your protection from the most common types of cybercrime.
