The NCSC have confirmed that, since late February 2021, an increased number of ransomware attacks have affected education establishments in the UK, including schools, colleges and universities. The NCSC previously acknowledged an increase in ransomware attacks on the UK education sector during August and September 2020.
The recent alert is designed to be read by those responsible for IT and Data Protection at education establishments within the UK. Where these services are outsourced, you should discuss this announcement with your IT providers.
Due to the prevalence of these attacks, senior leaders should be sure to follow NCSC’s mitigating malware and ransomware guidance. This will help education establishments put in place a strategy to defend against ransomware attacks, as well as planning and rehearsing ransomware scenarios, in the event that defences are breached.
Ransomware is a type of malware that prevents you from accessing your systems or the data held on them. Typically, the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible.
Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. They will typically use an anonymous email address (for example ProtonMail) to make contact and will request payment in the form of a crypto currency.
In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.
The NCSC have emphasised the importance of organisations having up-to-date and tested offline backups. For further information see the NCSC’s Offline backups in an online world blog post as well as the NCSC’s guidance on backing up your data)