Increased ransomware attacks: Schools offered help to defend their systems

Written by: Pete Henshaw | Published:
Image: Adobe Stock

Remote access systems, phishing and unpatched or unsecure devices are among the common routes being used by ransomware attackers to target schools.

The National Cyber Security Centre (NCSC) has issued a warning to school leaders and IT managers after a rise in attacks on education institutions.

An alert published on Tuesday (March 23) reports an increased number of ransomware attacks since late February. This continues a trend that was first seen in August and September last year.

It is feared that in the rush to move to remote learning during the Covid pandemic, schools may have left their systems open to attack.

Ransomware is a type of malware that prevents you from accessing your systems or the data held on them. Typically, the data is encrypted, but it may also be deleted or stolen or the computer itself may be made inaccessible.

Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. Recently, there has been a trend for cyber-criminals to threaten to release sensitive data stolen from the network if the ransom is not paid.

The NCSC alert states: “Ransomware attacks can have a devastating impact on organisations, with victims requiring a significant amount of recovery time to re-enable critical services. These events can also be high-profile in nature, with wide public and media interest.

“In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to Covid-19 testing."

Many of the recent attacks have targeted remote access systems, such as remote desktop protocol (RDP) and virtual private networks (VPN). They exploit weak passwords, lack of multi-factor authentication (MFA), and unpatched vulnerabilities in software.

RDP, which enables employees to access their office desktop computers or servers from another device over the internet, remains the most common attack point to gain access to networks.

Other targets include VPN vulnerabilities. The NCSC states: “The shift towards remote learning over the past year has meant that many organisations have rapidly deployed new networks, including VPNs and related IT infrastructure. Cyber-criminals continue to take advantage of the vulnerabilities in remote access systems.”

Elsewhere, the NCSC says that phishing emails are frequently used to deploy ransomware, while unpatched or unsecure devices are also a common entry point.

The NCSC has published advice for schools on defending their systems (2021) and also offers a number of practical resources (see below).

It adds: “The NCSC recommends that organisations implement a ‘defence in depth’ strategy to defend against malware and ransomware attacks. Your organisation should also have an incident response plan, which includes a scenario for a ransomware attack, and this should be exercised.”

Key strategies include using RDP services with multi-factor authentications, antivirus software and having up-to-date and offline back-ups.

This material is protected by MA Education Limited copyright.
See Terms and Conditions.


Please view our Terms and Conditions before leaving a comment.

Change the CAPTCHA codeSpeak the CAPTCHA code
Sign up Headteacher update Bulletin
About Us

Headteacher Update is a magazine, website, podcast and regular ebulletin dedicated to the primary school leadership team. We tackle a wide range of leadership issues, offering best practice, case studies and in-depth information, advice and guidance. Headteacher Update magazine is distributed free to approximately 20,000 primary school headteachers.

Learn more about Headteacher update


Register to receive regular updates on primary education news delivered free to your inbox.