Management Information Sheet
Further ransomware attacks on the UK Education sector by cyber criminals
The NCSC (National Cyber Security Centre) is responding to continued targeted ransomware attacks on the education sector by cyber criminals. The NCSC has produced a number of practical resources that have been specifically designed to help schools and other educational institutions improve their cyber security posture.
Since 2021, the trend for ransomware attacks has continued to grow, affecting education establishments in the UK, including schools, colleges, and universities. This trend is expected to continue further, and we must take steps to protect ourselves and prepare to respond in the event of a successful attack.
This alert is designed to be read by those responsible for IT and Data Protection at education establishments within the UK. Where these services are outsourced, you should discuss this Alert with your IT providers.
It is also important that senior leaders and Governors understand the risks that are associated with a successful ransomware attack, and the considerable damage it could cause their institutions in terms of data loss and access to critical IT services.
The NCSC urges all organisations to follow their guidance on Mitigating malware and ransomware attacks. The guidance details several steps organisations can implement that will reduce the risk of a successful ransomware attack occurring and help to plan and prepare for the effective recovery from a ransomware attack should it occur.
Ransomware
Ransomware is a type of malware that prevents you from accessing your systems or the data held on them. Typically, the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible.
Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. They will typically use an anonymous email address to make contact and will request payment in the form of a crypto currency.
More recently, there has been a trend for cyber criminals to also threaten to release sensitive data stolen from the network during the attack, if the ransom is not paid. There are many high-profile cases where the cyber criminals have followed through with their threats by releasing sensitive data to the public, often via "name and shame" websites on the darknet.
Ransomware attacks can have a devastating impact on organisations, with victims requiring a significant amount of recovery time to re-enable critical services. These events can also be high profile in nature, with wide public and media interest.
Recently, at CYBERUK Online 2021, the NCSC hosted a stream focussed on ransomware, the risk to schools and how to prevent it.
What you need to do?
In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.
It is therefore vital that education establishments have:
- Up-to-date and tested offline backups (NCSC's guidance on backing up your data)
- Effective vulnerability management and patching procedures (see Vulnerability Management)
- Secure RDP services using Multi Factor Authentication
- Install and enable Antivirus software
- Implement mechanisms to prevent Phishing attacks
- Disable or constrain scripting environments and macros
- Incident reporting processes and business continuity plans in place
Staff Awareness and Training - free resources available
The National Cyber Security Centre has developed a new school staff training resource in partnership with the education sector. This blog explains the product and directs you to the training page where you can access the two school staff training formats.
Reporting Cyber Incidents
Reporting cyber incidents can be made to Action Fraud. If the incident involved a data breach we would advise reporting it to the Information Commissioner's Office (ICO) under GDPR guidelines.
What we are doing to help?
ICT Solutions are currently working with NCSC, Norfolk Police, Secure Schools, and our own security team to bring you more updates, information, and virtual events soon.
If you have any concerns or questions about cyber security within your school, please contact us on 01603 475603 or email ict@norfolk.gov.uk for assistance.