Schools have lost financial records, students’ coursework and Covid-19 testing data during a recent “spike” in cyber attacks targeting the education sector.

The National Cyber Security Centre (NCSC) today published an alert warning schools and other education settings to take further precautions to protect themselves against ransomware following “an increased number” of attacks since late February.

It comes just one day after the Department for Education (DfE) wrote to school leaders informing them it is “vital that you urgently review your existing defences and take the necessary steps to protect your networks from cyber attacks”.

Cyber attacks a ‘growing threat’

Paul Chichester, director of operations at NCSC, said the targeting of the education sector by cyber criminals is “completely unacceptable” but is a “growing threat”.

Ransomware is a type of malware that prevents you from accessing your systems or the data held on them, the NCSC explains.

The data is usually encrypted and may be deleted or stolen. Following the initial attack, those responsible will “usually send a ransom note demanding payment to recover the data”. Payment is usually requested in the form of cryptocurrency.

The criminals also threaten to release sensitive data stolen during the attack if the ransom is not paid.

The NCSC added: “In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to Covid-19 testing”.

The cyber security experts said the attacks can have a “devastating impact on organisations” and may require a significant amount of recovery time to reinstate critical services.

A Schools Week investigation last year revealed the ESFA received 177 reports of data breaches across 135 academy trusts in 2018-19, including cyber attacks and pupils hacking data.

There has been a rise in attacks since late February “when establishments were preparing to welcome students back to the classroom”.

The NCSC told Schools Week that, for operational reasons, it could not release exact figures for the number of attacks.

However, it stated the attacks have caused varying levels of disruption and “there is no reason to suspect the same criminal actor has been behind each attack”.

So what can schools do?

The DfE stated in its email yesterday that it supported the NCSC recommendation not to encourage, endorse or condone the payment of ransom demands.

It warned the “payment of ransoms has no guarantee of restoring access or services and will likely result in repeat incidents to educational settings.”

School leaders were also told to confirm with their IT team or provider that they are backing up the right data, that backups are held offline and that their restore services have been tested.

The NCSC recommends a ‘defence in depth’ strategy in order to defend against malware and ransomware attacks.

The advice included effective vulnerability management, installing antivirus software and implementing mechanisms to prevent phishing attacks.