Cyber criminals are orchestrating ransomware campaigns that are designed to disrupt vulnerable schools and school districts. Here’s the latest…

In the south of England, two schools have just experienced forced closures after a ransomware attack. National Cyber Security Centre (NCSC) investigators and police are looking into the incident.

What happened

The hack hit on-premise servers. Attackers encrypted emergency contact details, medical records, timetable and registers belonging to both students and staff.

“Data stolen includes: a wealth of teaching resources, school trip information, policies, human resources files and a significant amount of staff data, some student data including medical information and data pertaining to our iPad scheme,” announced an FAQ statement.

“Data encrypted (and therefore not accessible to the school anymore) includes our management information system, which contains the bulk of contact details for parents. Therefore, it is the latter that we have had to ask parents to re-submit to the trust.”

Bank accounts accessed

Experts urged students and parents to change passwords to personal accounts that may have been compromised. “The details of bank accounts may have been accessed through details taken for the iPad scheme for example,” stated the affected institutions.

“The scale of this attack is significant and staff across the Trust have worked extremely hard to achieve reopening of each site,” said the institutions in a statement.

NCSC school warnings, UK

This attack closely followed a warning provided by the NCSC regarding the potential for an influx of cyber attacks on the education sector. An NCSC report noted that phishing, RDP hijacking and vulnerabilities in VPNs represented central attack vectors.

Hybrid learning and hybrid data storage

In 2020, the widespread shift to remote learning precipitated by the global pandemic left schools with a high degree of fragmentation and a lack of visibility into systems. As a result, security gaps and risks emerged. Since then, educational institutions have struggled to contend with these challenges.

In the aforementioned attacks on schools, the data was located on-premise. However, many education sector groups now host data in multiple places. How can they keep track of information and ensure security? It is essential for administrators and educators to remain vigilant about security and privacy in all environments.

Tips for schools

  • Invest in anti-virus software. Ensure that laptops are protected. This mitigates malware and phishing threats. Apply automatic updates for easier management.
  • Develop a strong online perimeter. Education sector groups must develop strong firewalls and internet gateways to protect school networks from cyber attacks, unauthorized access and harmful content.
  • Vet all third-party providers. Ensure that third-party platforms comply with security best practices.
  • Monitor systems. Around-the-clock monitoring helps safeguard systems from attack. Ensure that experts continually analyze information, seeking out any unusual activity.
  • Online security education. Teachers and staff members should understand the risks. Develop fun and engaging training sessions to inform individuals about the latest cyber security threats.

For additional security tips, click here. For the NCSC’s latest guidance on mitigating malware and ransomware attacks, click here.