Blog

Cyber Security Update: Concerning rise in ransomware attacks 

By Hayley Dunn, ASCL Business Leadership Specialist 

The National Cyber Security Centre (NCSC) has issued an alert in response to further targeted ransomware attacks on the education sector by cyber criminals. 

Ransomware attacks have a devastating impact on schools and colleges, with it often taking considerable lengthy periods of time to restore services to usual capacity and functionality. These types of events also attract the interest of media and can become high profile.

The NCSC reports that recent attacks on the education sector have resulted in the loss of student coursework, financial information, and Covid-19 testing data.

What is the NCSC?
The NCSC is part of GCHQ and was set up in 2016 as the UK’s technical authority on cyber security. Their mission is to “make the UK the safest place to live and work online”. Part of the way they do this is by working closely with specific parts of the economy and society, including the education sector.  

What is ransomware?
Ransomware is a type of malware that prevents users from accessing the IT system and/or the data it holds. Usually, data is encrypted, but fraudsters may also delete or steal data, or make computers inaccessible. An initial attack is usually followed by a demand for payment in the form of cryptocurrency. Typically, the NCSC says fraudsters use anonymous email accounts, such as ProtonMail, to make contact. Worryingly for schools and colleges, the NCSC also reports a trend in threats to publish stolen sensitive information.

Which education settings are fraudsters targeting?
The NCSC reports that since late February 2021, there has been an increased number of ransomware attacks that have affected education settings in the UK, including schools, colleges, and universities.

What should school/college leaders do if their organisation is targeted? 
It is important that senior leaders in education settings understand the nature of the threat and the potential for ransomware to cause considerable damage to their organisation(s), in terms of lost data and access to critical services. 

The Department for Education (DfE) issued an information email to schools on 22 March with guidance to support ongoing cyber security, preparedness, and mitigation work. 

What to do if you school or college is affected: 
  1. Enact your incident management plan
  2. Contact the NCSC
  3. Contact your local law enforcement and Action Fraud
  4. Inform the Department for Education by emailing: sector.securityenquiries@education.gov.uk

The DfE advised that they support the National Crime Agency’s recommendations not to encourage, endorse, or condone the payment of ransom demands. Payment of ransoms has no guarantee of restoring access or services and will likely result in repeat incidents to educational settings. 

The DfE stated that it “is vital that you urgently review your existing defences and take the necessary steps to protect your networks from cyber-attacks. Along with your defences, having the ability to restore the systems and recover data from backups is vital. You should ask your IT team or provider to confirm that they are backing up the right data, the backups are held offline, and that they have tested that they can restore services and recover data from the backups.

What can school/college leaders do to reduce the risk of attacks? 
The NCSC recommends what it calls a ‘defence in depth’ strategy to defend against malware and ransomware attacks. They urge all organisations to advise their IT teams to follow the advice and guidance on Mitigating malware and ransomware, which provides a number of steps organisations can take to disrupt ransomware attacks and enable effective recovery. They also strongly advise, that it is vital that organisations have up-to-date and tested offline backups. For further information, see the NCSC’s Offline backups in an online world blog post as well as the NCSC’s guidance on backing up your data.

The NCSC has made two of its cyber security services, the web check and mail check, available to all and at no charge. Around a third of colleges have taken up the offer so far and they would like to get that figure higher.
  1. Web Check scans institutions’ websites to check for common security vulnerabilities and gives advice on how to address the most important of these. This is important because cyber criminals exploit website weaknesses to gain access to an organisation’s network and data. Web Check is easy to set up and once you are up and running, the tool will regularly check your domain(s) and inform you of any problems. 
  2. Mail Check helps in the fight against phishing. Specifically, it helps your team set up anti-spoofing controls to stop attackers sending fake emails, to students, parents, staff, etc. claiming to be from your organisation. These controls can also help reduce genuine emails going into spam folders. 
There are other toolkits and guidance on specific topics available from the NCSC, some of these are listed below.

Toolkits:
Cyber Security Toolkit for Boards can help senior leaders and governors get to grips with cyber security at a strategic level. 
Exercise in a Box helps organisations test their preparedness to deal with common cyber incidents, giving them feedback on how to improve their resilience.  

Information and guidance: 
Cyber Security for Schools

Top Tips for Staff

10 steps to cyber security

Hayley Dunn is ASCL Business Leadership Specialist.
 
Posted: 01/04/2021 16:07:52