The summer months often see a rise in ransomware attacks against schools, colleges and universities in the UK, as cybercriminals turn their attention to a sector that is focused on delivering exam results and preparing for the return of students for the new academic year.

Back in June 2021, the National Cyber Security Centre (NCSC) issued an alert to the sector to encourage organisations in the sector to protect their networks to prevent ransomware attacks.

Dealing with a ,ransomware attack can be devastating for organisations, with victims requiring a significant amount of recovery time to recover critical services. These attacks can also be high profile in nature, with wide public and media interest following the story.

Some recent incidents in the ,education sector involving ransomware have led to the loss of school financial records, student coursework and data relating to COVID-19 testing. It's vital that organisations have up-to-date and tested offline backups.

Isle of Wight schools hit by a ransomware attack

Back in August 2021, the ,BBC reported that six schools were hit by a cyberattack that prevented their staff from accessing their computer systems. The Isle of Wight Education Federation saw its IT systems become compromised by the ransomware attack which encrypted its data.

As a result of the attack, Lanesend Primary school saw its pupils start their new academic year three days later than planned. Local Police and Authority, the Department for Education, Cyber support and various ICT system providers came together to ensure that necessary and appropriate systems were in place for the new academic year.

Myerscough College came under attack from Ransomware

In 2021 the Cyber Resilience Centre was contacted by Myerscough College after first contacting Lancashire Police to report the crime when they found themselves dealing with a targeted ransomware attack.

“Myerscough are thankful for the help of the Cyber Resilience Centre and SaaSAge who have worked with us to get our systems back online following this targeted ransomware attack. After dealing with this ransomware attack, we feel the college and our staff are now better educated and equipped with the tools to deal with any future cyber-attack.” - Ian Brown, Director of IT & MIS @ Myerscough College

The Cyber Resilience Centre helped to quickly connect Myerscough College with our Trusted Partner SaaSAge who has assisted the college in recovering data and getting systems back online following the ransomware attack.

Detective Superintendent Neil Jones, Director of the North West Cyber Resilience Center commented “Myerscough College is just one of several local education establishments which have been targeted in recent months. The Cyber Resilience Centre was happy to work with them and put them in touch with SaaSAge who implemented their Business Continuity Team to work with the college to restore their systems and put measures in place for the college to be better prepared for any future similar attack."

"It should be noted that Myerscough College took the appropriate steps in reporting this crime to Lancashire Police. If your business is faced with a ransomware demand, do not pay the ransom funds and report the attack. ”

What should you do if you're attacked?

Your organisation should make sure you have an ,incident response plan, which includes a scenario for a ransomware attack, make sure you test this out throughout the year. But having an up-to-date and tested offline backup is the most effective way to recover from a ransomware attack

Police Forces in the North West and all law enforcement do not encourage, endorse, nor condone the payment of ransomware demands. If you ignore this guidance and pay the ransom:

• There is no guarantee that you will then gain access to your data or device(s).
• Your computer(s)/network could still be infected.
• You will be paying a criminal group.
• You're more likely to be targeted again in the future.

We encourage any victim to first report the incident to Action Fraud, then reach out to us here at the Cyber Resilience Centre and we can help you take the next steps. We have the expertise and trusted partners who can educate, help and guide you on the best path to defend your school, college or university against any further attacks.

We've launched a ,dedicated area of resources to support the education sector, following our guidance (and guidance from the NCSC) will significantly increase your protection from the most common types of cybercrime.