One of the country’s largest academy trusts has become the latest victim of a targeted ransomware cyber attack – with laptops used by pupils and email systems disabled.
Harris Federation, which runs 49 schools, detected the attack on Saturday, and has been working through the weekend to resolve the issues.
A Schools Week investigation last week revealed at least three academy trusts have already been struck by the devastating cyber crime in March alone.
Harris today warned that the “highly sophisticated attack . . . will have significant impact on our academies but it will take time to uncover the exact details of what has or has not happened, and to resolve”.
The trust has recruited the services of a specialised firm of cyber technology consultants and is working closely with the National Crime Agency and National Cyber Security Centre (NCSC).
Devices and communications disabled
As a result of the attack Harris Federation devices given to pupils “have been disabled as a precaution and cannot be currently used”.
Harris’ email and telephone systems have also been temporarily disabled.
All Harris Academies remain open today, and the trust said it will “endeavour to keep them open until the end of term”.
The trust added: “We know that some families will have important individual concerns around data and that in these cases you will want to know more about the nature of the attack. Because we do not want to risk providing incorrect information, we will communicate further once we have clarity and liaise as appropriate with the Information Commissioner’s Office”.
Schools have become ‘soft targets’
Ransomware is a type of malware that prevents you from accessing your system or the data held there, according to the NCSC.
The data is usually encrypted and may be deleted or stolen. Following the initial attack those responsible will “usually send a ransom note demanding payment to recover the data”.
Ruth Schofield, of cyber security experts Heimdal Security, previously told Schools Week the “rapid switch to remote learning” has made schools more dependent on their IT systems. But security has become less of a priority “in the rush to get pupils online”.
“At a time when businesses have been strengthening their defences, schools have become soft targets for criminals,” she added.
An NCSC spokesperson said it was working with trust to “fully understand” the impact of the attack and urged schools to follow its advice in order to protect themselves from “the significant threat posed by ransomware attacks”.
Cambridge Meridian Academies Trust (CMAT), Nova Education Trust and Castle School Education Trust (CSET) have all been hit in similar attack already this month.