NCSC updates schools ransomware guidance amid surge

A renewed surge in ransomware attacks against schools, colleges and universities across the UK has prompted the National Cyber Security Centre (NCSC) to update existing security guidance offered to the sector.

The current surge of cyber attacks has seen multiple high-profile organisations been hit by various cyber criminal gangs, with new victims being uncovered almost daily, and malicious actors are well aware that educational institutions are often less well-defended than large corporations, and – as custodians of significant volumes of highly confidential personal data – may be more likely to pay.

“As of late May/June 2021, the NCSC is investigating another increase in ransomware attacks against schools, colleges and universities in the UK,” said the organisation.

“This recent campaign emphasises again the need for organisations in the sector to protect their networks to prevent ransomware attacks. The NCSC urges all organisations to follow our guidance on ‘Mitigating malware and ransomware’.

“This advice was updated in March 2021 and details a number of steps organisations can take to disrupt ransomware attack vectors and enable effective recovery from ransomware attacks.”

The NCSC is also inviting schools to sign up to its Early Warning cyber incident notification service, which it launched in May at its annual CyberUK event. The service forms part of its Active Cyber Defence programme.

The free-to-use service is designed to help organisations improve their cyber preparedness by filtering trusted threat intelligence sources to create alerts for users, prompting them to investigate any malicious activity and take action to protect themselves.

Research conducted by SonicWall has shown that the UK was one of the worst affected countries in the world for ransomware, with 8.5 million attacks during the course of 2020, accounting for 4.2% of all global attacks. Worldwide, 2020 saw a 62% year-on-year jump in ransomware hits, to more than 304 million.

The firm’s analysts said that April 2021 saw 48.3 million recorded ransomware attacks, the highest ever, and that compared to the January to April 2020 period, the volume of ransomware attacks increased 90%.

“Ransomware attackers have identified universities’ vulnerabilities as providing something valuable as well as information that is readily exportable,” said SonicWall’s Europe, Middle East and Africa (EMEA) vice-president, Terry Greer-King.

“Hackers can not only disable networks, but they can also thoroughly infiltrate the systems and access any data to use as a lever.

“If a hacker gains access to credentials, intellectual property or research in an environment where multi-factor authentication is not used, the hacker may access an organisation’s records, bypassing security altogether,” said Greer-King.