Ransomware attacks on schools - Increase on the education sector

Since early this year, there has been a dramatic increase in ransomware attacks on schools. This includes primary schools, secondary schools, colleges, and universities.

During the pandemic, it seemed like cybercriminals were mostly targeting well-known businesses such as Acer, Easy Jet, and Royal Mail. However, there has been a surge in cybercriminals implementing ransomware attacks on schools.

Just like businesses, schools hold valuable information such as student medical records, parents’ contact details, and teachers’ bank details. If a cybercriminal gets hold of this data, they will usually demand a ridiculous sum of money. However, they might also threaten to sell the data to a third party on the dark web.

Shockingly, anyone would want to target the education sector. Time and money are extremely important because it provides the resources and support students need to get the most out of their education.

However, cybercriminals can be exceptionally heartless and only care about making money for themselves. Recently, they targeted The Salvation Army, a charity organisation that relies on money and donations to help provide for the vulnerable.

It was only a matter of time before they started turning their resources elsewhere. Unfortunately, that has meant many schools have become victims of sophisticated attacks such as ransomware.

These ransomware attacks on the education sector are showing no sign of slowing down. It’s already been a difficult year for students, teachers, and parents. Classroom teaching can provide students with all the resources, additional support, and social interactions that they need. However, these targeted attacks on the education sector are preventing this.

In the past few months, cyber-attacks have impacted schools differently. Some schools have faced more consequences than others. However, they have all taken the right steps by contacting the Action Fraud team and the ICO (Information Commissioner’s Office). Knowing how to report a cyber-attack is equally as important as preventing one. Each of the schools that have been the victim of these attacks has dealt with them correctly.

We’ve rounded up the areas of some of the most devastating ransomware attacks on schools, and the impact it's had.

1. Bedfordshire:

Redborne Upper School and Community College were attacked when hackers managed to gain access to their servers.

Though criminals didn't compromise the data, they had left the server unreadable. The impact this ransomware attack had on the school meant that a large amount of data had been left unreadable and therefore destroyed. The data included students’ coursework which the school was unable to retrieve.

Thankfully, they kept their students’ data on a different server that the cybercriminals hadn’t attacked. However, this is devastating for a lot of the students who have worked hard to complete their assignments. On top of this, there was extra work for the school. This is because they had to contact the exam board to inform them of the attack so that the loss of work didn't impact the students’ grades.

2. Nottinghamshire:

This attack had a negative impact on 15 schools in Nottinghamshire, belonging to the Nova Education Trust Co-operative.

The cyber-attack took place late into the pandemic when students were still learning remotely. However, a few students were still attending school at the time due to their parents being keyworkers.

This attack involved hackers gaining access to the trust’s central infrastructure. This resulted in several of the schools having to shut down their IT systems, existing phones, emails, and website communications.

This disrupted lessons for many teachers and students. However, they were able to continue teaching through SMS messages, temporary phone numbers, and Microsoft Teams. Despite the amazing effort from these teachers, it’s still extremely stressful and time-consuming for them.

3. Bristol:

Unbelievably, 24 schools were the victim of this ransomware attack in Bristol. These cybercriminals attacked the Castle School Education Trust (CSET), which runs 7 schools. The local authority maintains the other 17 schools, as they rely on the trust's IT infrastructure.

This devastating attack meant that thousands of devices had to be rebuilt and teachers had to go without vital teaching resources. This can be stressful for teachers as they had to provide vital education, with minimal information and devices.

Since the attack, the school’s trust has managed to rebuild 16 of the servers. However, the time, money, and effort that goes into building these servers is time and money that should go towards supporting each student.

4. Peterborough:

What was the consequence of the ransomware attack on the education sector?

Both the Cambridge Meridian Academies Trust and The Inspire Education Group were hit by a ransomware attack.

This attack forced many schools to shut down their servers and stall their learning. In this case, both schools were exceptionally lucky as their IT department were able to spot the ransomware attack and deal with it before any major disruption occurred.

They also believe that the criminals didn't access or compromise any sensitive data as the threat was dealt with promptly. Having an IT department that monitors and proactively acts against these threats can have a positive impact on the education sector and minimise disruption.

5. Anglesey:

The impact this ransomware attack had on the education sector meant that secondary schools in Anglesey had to temporarily disable the likes of email accounts to mitigate the threat to the affected systems. The school shut the systems in all 5 schools in their area until the issue had been dealt with.

After the attack, the school announced that whilst there is likely to be some disruption over the coming weeks as they get their systems back up and running, they can’t comment on whether any personal data has been compromised.

6. Essex:

Harris Federation was one of the biggest ransomware attacks on the education sector. It resulted in 37,000 students in 50 primary and secondary schools across London and Essex being targeted.

The school had to spend the weekend trying to fix the issue, as well as suspending emails, telephones, and all Harris Federation devices owned by students. They couldn’t provide details on whether personal data had been obtained but they were able to keep the schools open.

7. Kent:

Both Skinner’s Kent Academy and Skinners’ Kent Primary faced a ransomware attack that played havoc on the education sector.

Though many of the schools that were hit by ransomware attacks managed to remain open, both these schools in Kent had to close. This is because cybercriminals managed to hack into their servers, stealing and encrypting their student’s information.

It’s believed they didn’t access the school’s information management systems where personal records are kept for students and staff. The cybercriminals also informed the school of what data they had obtained, and they don’t seem to have mentioned anything about these personal records.

However, they had encrypted the data meaning the school no longer had access to vital information such as emergency contact numbers for students.

Both schools remained cautious by advising parents to contact their banks in case any of their details had been stolen.

Not only did the school have to close and turn back to remote learning, impacting the children’s education, as well as the fact these children have already had to spend the past year away from their friends. But the school also had to re-collect data from the parents and reconfigure their computers.

8. Bradford:

Though this doesn’t involve a ransomware attack, we thought it would be a good idea to include other attacks that are affecting the education sector. Multiple schools in Bradford were the victim of a DDoS attack.

The impact it had meant that the council’s online learning network, which is used by all the schools, had been attacked. However, this isn’t the first time criminals have targeted them. Their systems have gone down on multiple occasions over the past few months causing site-wide issues for all the schools.

It has also caused daily internet outages which affected their lessons as they were unable to access vital resources or access emails. This would have caused further stress to teachers as being unable to access these emails is a safeguarding issue which is why the school decided to close.

Cybercriminals are extremely heartless when it comes to attacking the education sector. By doing this, they don’t consider the many factors that can impact the school including:

A loss of education for students.
Teachers having to stress about working remotely again.
Teachers are unable to upload learning material.
Students having to go longer without seeing their friends, despite a year in lockdown.
Schools have to spend time gathering parent information.

There are many more reasons ransomware and other cyber-attacks impact the education sector. However, cybercriminals only care about making money. It's frustrating because the money they are demanding should be spent on educational resources such as laptops, pens, and field trips.

These ransomware attacks on schools aren’t slowing down and are only getting more sophisticated. Recently the US said that ‘Trojan is being used in attacks against their schools.’ These attacks can have devastating consequences.

As well as this, the BBC is warning that nurseries could be a potential target in the future. By having all the right measures in place and training all staff on how to spot a phishing scam or malware within an email, cybercriminals might begin to back off the education sector.

At CapNet, we want to do everything we can to help prevent cyber-attacks on the education sector. We have several services that can help prevent a vicious attack such as ransomware. We can offer these services at a reasonable price as well as tailor each service to each school, based on what they need.

If you'd like to find out more about our ICT for schools, please give us a call today or compete for one of our forms.