Sikov - stock.adobe.com
Six schools on the Isle of Wight and their umbrella organisation have been targeted by a ransomware attack, leaving teachers and pupils unable to access their online systems and causing disruption to the start of the new school year in September.
The attack hit the schools between 28 and 29 July, according to their umbrella organisation, the Isle of Wight Education Federation, which resulted in their data becoming encrypted and inaccessible.
Although it is not yet clear exactly how the attack was carried out or what data has been affected, schools collect a range of sensitive personal information on both staff and students, including addresses, dates of birth and, in some cases, medical information.
Exam coursework, lesson plans, financial accounts and other types of personal documents are also held in schools’ systems.
The Federation said all the schools’ websites had been down since Friday 30 July, but it was working with police and the local council to understand the full impact of the attack.
“There are obviously some significant implications of this, which we are managing and will take measures to secure our systems even further in the future,” said a Federation spokesperson.
“We are working with the local police and local authority, the Department for Education, cyber support and various ICT system providers to move this forward and ensure that necessary and appropriate systems are in place for the new academic year.”
The affected schools – Carisbrooke College, Island 6th Form, Medina College, Barton Primary, Hunnyhill Primary and Lanesend Primary – could now be forced to delay the start of the new school year in September.
Lanesend Primary, for example, has already announced that pupils will return three days later than intended, on 6 September.
“Having spoken to our service provider, we understand that the attack means that all the information that we stored with them has been encrypted,” said a spokesperson for the school. “This means we cannot and will not be able to access it again.
“As you can imagine, the team now have hours, days and months of work ahead of them to recreate the information that has been lost. In order to assist with this painstaking process, the trustees have approved the school to close for three extra days at the end of the summer holidays. This means the children will not be returning to school until Monday 6 September 2021.”
A renewed surge in ransomware attacks targeting schools, colleges and universities across the UK recently prompted the National Cyber Security Centre to update existing security guidance offered to the sector in June 2021.
Read more about ransomware
- The Babuk ransomware operation backed away from encrypting its victims’ files, and technical difficulties may be to blame, reports McAfee.
- The process of negotiating a ransomware payment is delicate, hence cyber criminal organisations are prepared to offer good terms to those with the right skillsets.
- A coordinated sting has ended the operations of the DoubleVPN service, the owners of which are accused of harbouring cyber criminal activity.
Commenting on the Isle of Wight attack, Adam Philpott, Europe, Middle East and Africa (EMEA) president at McAfee Enterprise, said research from his firm had found that the education sector experienced an 1,114% increase in cloud threats between January and April due to the pandemic.
“It is vital that the education sector takes a proactive approach to security,” he said. “Moving forward, schools can adopt threat intelligence technology that learns from previous breaches to help prioritise threats, predict the types of campaigns that will be launched against them, and pre-emptively improve their defensive countermeasures. There is also industry-specific intelligence available to help organisations understand and improve threat posture against targeted attacks or sector-based campaigns.
“Schools can also improve protection against cyber attacks by building an open, flexible architecture that can adapt as needed without the need for bolt-on security, as well as adopting a zero-trust mindset that can help them to maintain control over access to the network and all instances within it. Ultimately, the industry must use this as a lesson and understand that cyber security needs to be considered an investment rather than a cost – as protection is more important than ever.”
Oz Alashe, CEO of behavioural security platform CybSafe, further highlighted the importance of providing pupils and teachers with the tools they need to protect their institutions in the face of an increased threat to the education sector.
“Malicious actors see educational institutions as a soft target, who will be more willing to pay a ransom, given the vital nature of their work and the disruption that can be caused to pupils’ education,” he said.
“With summer schools taking place to help pupils catch up after the delays caused by Covid-19, a ransomware attack that restricts access to vital systems adds another layer of disruption to an already strained schedule.
“Addressing human security behaviours remains the most effective measure organisations can take to mitigate this kind of risk. For both pupils and staff, increasing awareness of ransomware attacks and providing the means to identify and flag such attacks will help prevent these kinds of breaches, and ensure schools can avoid disruption at this critical time.”
Research conducted by SonicWall has shown that the UK was one of the worst affected countries in the world for ransomware, with 8.5 million attacks during 2020, accounting for 4.2% of all global attacks. Worldwide, 2020 saw a 62% year-on-year jump in ransomware hits, to more than 304 million.
The firm’s analysts said that April 2021 saw 48.3 million recorded ransomware attacks, the highest ever, and that compared to the January to April 2020 period, the volume of ransomware attacks had increased by 90%.
“Ransomware attackers have identified universities’ vulnerabilities as providing something valuable as well as information that is readily exportable,” said Terry Greer-King, vice-president EMEA at SonicWall. “Hackers can not only disable networks, but they can also thoroughly infiltrate the systems and access any data to use as a lever.
“If a hacker gains access to credentials, intellectual property or research in an environment where multifactor authentication is not used, the hacker may access an organisation’s records, bypassing security altogether.”