Ransomware warning: There's been another spike in attacks on schools and universities

NCSC alert says there's been a rise in ransomware attacks targeting the education sector, at a critical time in the academic calendar.
Written by Danny Palmer, Senior Writer

The number of ransomware attacks targeting schools, colleges and universities is on the rise again, warns the UK's National Cyber Security Centre (NCSC).

The latest alert comes following a spate of high-profile ransomware attacks around the world during the past month, including incidents encrypting the networks of Colonial Pipeline, Ireland's health service and meat supplier JBS.

The NCSC has previously warned about ransomware attacks targeting the education sector, but late May and early June has seen another increase in incidents – at a critical time of year when it comes to coursework, exams and other assignments.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

The NCSC has previously detailed how ransomware incidents affecting education have led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.

"It is important that senior leaders understand the nature of the threat and the potential for ransomware to cause considerable damage to their institutions in terms of lost data and access to critical services," said the NCSC alert.

Some of the most common methods cyber criminals use to gain access to university networks and lay the groundwork for ransomware attacks involve targeting remote desktop protocol (RDP) and virtual private networks (VPNs).

By exploiting weak passwords, a lack of multi-factor authentication or unpatched vulnerabilities in RDP and VPNs, cyber criminals can stealthily compromise networks. Their presence is often only discovered once they've unleashed the ransomware attack and encrypted systems and services.

To help prevent ransomware attacks in the first place, the NCSC recommends that organisations have effective vulnerability management and patching procedures, so they can rapidly update networks and software with the relevant security patches when new vulnerabilities emerge.

SEE: What is a software developer? Everything you need to know about the programmer role and how it is changing

The NCSC also suggests that RDP and other cloud services are secured using multi-factor authentication and that mechanisms are introduced to help detect and prevent phishing attacks.

It's also recommended that organisations in the education sector – and beyond – have plans to enable effective recovery, so if the worst happens and the network is encrypted with ransomware, it's possible to restore it without giving into the ransom demands of cyber criminals.

This can be achieved by having up-to-date and tested offline backups, because according to the NCSC, "offline backups are the most effective way to recover from a ransomware attack".


Editorial standards