Management Information Sheet
ALERT - Further targeted ransomware attacks on the UK education sector by cyber criminals
The NCSC (National Cyber Security Centre) is responding to further targeted ransomware attacks on the education sector by cyber criminals.
Since late February 2021, an increased number of ransomware attacks have affected education establishments in the UK, including schools, colleges and universities. This trend is expected to continue, and we must take steps to protect ourselves and prepare to respond in the event of a successful attack.
This alert is designed to be read by those responsible for IT and Data Protection at education establishments within the UK. Where these services are outsourced, you should discuss this Alert with your IT providers.
It is also important that senior leaders and Governors understand the risks that are associated with a successful ransomware attack, and the considerable damage it could cause their institutions in terms of data loss and access to critical IT services.
The NCSC urges all organisations to follow their guidance on Mitigating malware and ransomware attacks. The guidance details several steps organisations can implement that will reduce the risk of a successful ransomware attack occurring and help to plan and prepare for the effective recovery from a ransomware attack should it occur.
The NCSC has produced a number of practical resources that have been specifically designed to help schools and other educational institutions improve their cyber security posture.
Ransomware
Ransomware is a type of malware that prevents you from accessing your systems or the data held on them. Typically, the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible.
Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. They will typically use an anonymous email address to make contact and will request payment in the form of a crypto currency.
More recently, there has been a trend for cyber criminals to also threaten to release sensitive data stolen from the network during the attack, if the ransom is not paid. There are many high-profile cases where the cyber criminals have followed through with their threats by releasing sensitive data to the public, often via "name and shame" websites on the darknet.
Ransomware attacks can have a devastating impact on organisations, with victims requiring a significant amount of recovery time to re-enable critical services. These events can also be high profile in nature, with wide public and media interest.
In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.
It is therefore vital that education establishments have:
- Up-to-date and tested offline backups (NCSC's guidance on backing up your data)
- Effective vulnerability management and patching procedures (see Vulnerability Management)
- Secure RDP services using Multi Factor Authentication
- Install and enable Antivirus software
- Implement mechanisms to prevent Phishing attacks
- Disable or constrain scripting environments and macros
- Incident reporting processes and business continuity plans in place
The NCSC has produced a number of practical resources to help schools and other educational institutions improve their cyber security:
- Cyber Security for Schools
- Top Tips for Staff
- 10 steps to cyber security
- Training materials for staff
ICT Solutions are currently working with NCSC, Norfolk Police and our own security team to bring you more updates, information and virtual events soon.