Surge in cyber attacks on schools

Much like the business world, schools were forced to switch rapidly to working remotely when the Covid-19 pandemic hit. The rapid switch to remote learning meant that schools became much more dependent on their IT systems but the security of those systems became less of a priority whilst schools were rushing to get their pupils online. 

Ransomware Hits at Opportune Time 

The summer months saw a particularly high rise in the number of ransomware attacks against schools and universities as hackers turned their attention to a sector that would be focusing on delivering exam grades in preparation for the new academic year.  

Back in June the National Cyber Security Centre issued a warning to educational institutes to take the necessary measures to protect their networks from ransomware attacks. The impact of ransomware attacks can be severe and victims often require a substantial amount of time to recover critical systems, which can’t often be spared. Recent attacks on the education sector have led to the loss of school financial records, student coursework and data relating to COVID-19 testing. 

Ransomware success hinges on a hacker's ability to obtain leverage. This is because the more harm and disruption a threat actor is able to cause, the more likely the victim will pay an extortion fee.  

Several schools in the Isle of Wight had to postpone reopening earlier this month and the U.S. already kicked off a campaign in August to warn schools to prepare for the possibility of cyber attacks. Schools take great precaution in the handling of sensitive data such as student evaluations and personal information like addresses, telephone numbers, and family information. This increases the pressure on schools to pay the ransom or see the data disappear - or worse, leaked online. 

What to do if an attack takes place? 

Schools should make sure they have an incident response plan in place, which clearly highlights a scenario in which a ransomware attack takes place, and this should be tested regularly throughout the year. However it is also important to have up-to- date and offline backups of all important data as this is the most effective way to recover from a ransomware attack. \ \ Law enforcement agencies do not condone the payment of ransom demands as there is no guarantee that once paid you’ll get the data back or that your device and networks won’t still be infected. They also don’t condone payment to criminals and there is a higher likelihood that you will be the target of another attack. Victims are encouraged to file an incident report with law enforcement and will then be offered help on what to do next. Victims of cyber attacks can get help from trusted experts who can educate, help and guide you on the best path to defend schools against any further attacks.