A highly sophisticated ransomware attack leaves 36,000 students without email

A ransomware attack has infected IT systems at schools across London, leaving tens of thousands of pupils without access to email or school-issued devices.

The Harris Federation, which runs 50 primary and secondary schools in London and Essex, fell victim to a ransomware attack on Saturday 27th March – just days after the National Cyber Security Centre (NCSC) put out an alert warning schools, colleges and universities about the "growing threat" of cyber criminals targeting education with ransomware.

Harris Federation has revealed that cyber criminals accessed IT systems and encrypted data with an undisclosed form of ransomware. 

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) 

In a statement, Harris Federation said the ransomware attack will have a "significant impact" and that as a precaution the email system has been disabled. The school phone services, which also run via the internet, have also been disabled, aside from some "very limited" switchboard services.

Students who have been issued devices by the schools can't currently use them as they've been disabled as a precaution.

The school has brought in a specialised firm of cyber-technology consultants to investigate the exact details of the ransomware attack and is also working with the National Crime Agency (NCA) and NCSC. "We are at least the fourth multi-academy trust to have been targeted in March," it said.

Harris Federation hasn't detailed the exact nature of the information that has been accessed and encrypted by cyber criminals, but says it recognises that the families of school pupils will have "individual concerns around data".

ZDNet has attempted to contact Harris Federation for additional information about the ransomware attack but is yet to receive a reply at the time of publication.

SEE: Ransomware: Why we're now facing a perfect storm

Harris Federation is the latest in a string of schools, colleges and universities that have been disrupted by ransomware attacks.

To help protect against ransomware attacks, the NSCC recommends that organisations have an effective strategy for vulnerability management and applying security patches, that they ensure that remote online services are secured with multi-factor authentication, and that anti-virus software is installed and enabled.

It's also recommended that organisations have up-to-date and tested offline backups, so if the network is taken down by a ransomware attack, it can be restored without the need to give into the extortion demands of criminals.

MORE ON CYBERSECURITY

• Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again
• Why ransomware has become such a huge problem for businesses
• Ransomware: This essential step could help you make it through an attack
• The best antivirus software for 2021
• This company was hit by ransomware. Here's what they did next, and why they didn't pay up