Schools are being warned of a significant rise in ransomware attacks by cyber criminals.
The National Cyber Security Centre (NCSC) issued the alert following a spike in the targeting of education establishments in late February.
Ransomware is a type of malware preventing the operator from accessing computer systems or data. Its installation is generally followed by a demand for payment to resume normal operation or recover data.
“It is important that senior leaders understand the nature of the threat and the potential for ransomware to cause considerable damage to their institutions in terms of lost data and access to critical services,” said the NCSC.
In recent attacks on the sector, ransomware has led to the loss of coursework, financial records and Covid-related data.
Ruth Schofield, UK country manager for Heimdal Security, says that concerns over cyber-crime have been heightened by the events of the last year.
“The rapid switch to remote learning has made [schools] more dependent on their IT systems,” she said.
“In the rush to get pupils online, it is perhaps understandable that cybersecurity has been less of a priority, so they have become more vulnerable to attacks.
“At a time when businesses have been strengthening their defences, schools have become soft targets for criminals. The critical nature of their work also means that attacks can cause huge disruption and stop them teaching altogether, so faced with a ransom demand, schools are more likely to pay up.”
It is important that senior leaders understand the nature of the threat and the potential for ransomware to cause considerable damage to their institutions – NCSC
This week it was reported that 50 schools in London and Essex had their telephone and email systems suspended following a “particularly vicious ransomware attack” on the Harris Federation. Harris Federation devices owned by pupils were also disabled as a precaution.
“This is a highly sophisticated attack that will have significant impact on our academies, but it will take time to uncover the exact details of what has or has not happened, and to resolve,” said a statement from the federation.
“In addition to using the services of a specialised firm of cyber technology consultants, we are working closely with the National Crime Agency and the National Cyber Security Centre.”
The NCSC, an arm of GCHQ, is warning of a growing trend among cyber criminals to threaten to release the sensitive data it has obtained, often via websites on the darknet.
Among the main points of entry for attackers are:
- Phishing attacks (emails encouraging users to open malicious files or links)
- Weak passwords
- A lack of multi-factor authentication (in which a computer user is granted access only after offering two or more pieces of evidence that they are authorised to have it)
- Unpatched software vulnerabilities
The NCSC is recommending that organisations take all possible steps to follow its guidance on how to defend organisations against malware or ransomware attacks.
In brief, these measures include:
- Drawing up an incident response plan, which includes a scenario for a ransomware attack
- Having up-to-date and tested offline backups
- Effective vulnerability management and patching procedures
- Installation of antivirus software
- Implementing mechanisms to prevent phishing attacks
“These attacks are the last thing the education sector needs right now,” added Schofield. “The good news is that even a small amount of investment can make a big impact in terms of protecting schools and maintaining our education system.”
From the archive: How the independent education sector can safeguard against cyber crime