Ransomware gangs have found another set of new targets: Schools and universities

National Cyber Security Centre issues advice on how to protect networks from cyber criminals after a spike in ransomware attacks causing disruption across the education sector over the past month
Written by Danny Palmer, Senior Writer

There's been a spike in ransomware attacks targeting schools, colleges and universities, the UK's National Cyber Security Centre (NCSC) has warned.

The alert by the cybersecurity arm of GCHQ says it has dealt with a significant increase in the number of ransomware attacks targeting education over the course of the past month, a time in which schools were preparing to resume in-person lessons.

Ransomware attacks encrypt servers and data, preventing organisations from providing services. In this case, cyber criminals are hoping that the need for schools and colleges to provide teaching will result in victim organisations giving in to extortion demands and paying a ransom in bitcoin in exchange for the decryption key required to restore the network.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) 

"In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing," the agency said.

It's likely that the attempted targeting of sensitive information is an effort to engage in double-extortion ransomware attacks, where cyber criminals threaten to publish stolen data if they're not paid the ransom.

"Any targeting of the education sector by cyber criminals is completely unacceptable," said Paul Chichester, director of operations at the NCSC.

"This is a growing threat and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted".

Cybersecurity recommendations for schools, colleges and universities to protect their networks from ransomware attacks include having an effective strategy for vulnerability management and applying security patches, securing remote online services with multi-factor authentication and installing and enabling anti-virus software.

SEE: Cybercrime groups are selling their hacking skills. Some countries are buying

It's also recommended that organisations have up-to-date and tested offline backups, so if the network is taken down by a ransomware attack, it can be restored without paying criminals.

"I urge all education and research institutions to act swiftly to ensure their systems and data are robustly protected," said Steve Kennett, director of e-infrastructure at the higher education support body Jisc,

"Jisc has been helping many colleges and universities recover from ransomware attacks recently, so we have seen what a devastating impact this crime has on the sector."

The NCSC previously put out a warning about ransomware attacks targeting universities in September, but this particular form of cybercrime shows no sign of slowing down.


Editorial standards