Increased ransomware attacks: Schools offered help to defend their systems

Remote access systems, phishing and unpatched or unsecure devices are among the common routes being used by ransomware attackers to target schools.

The National Cyber Security Centre (NCSC) has issued a warning to school leaders and IT managers after a rise in attacks on education institutions.

An alert published on Tuesday (March 23) reports an increased number of ransomware attacks since late February. This continues a trend that was first seen in August and September last year.

It is feared that in the rush to move to remote learning during the Covid pandemic, schools may have left their systems open to attack.

Ransomware is a type of malware that prevents you from accessing your systems or the data held on them. Typically, the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible.

Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. Recently, there has been a trend for cyber-criminals to threaten to release sensitive data stolen from the network if the ransom is not paid.

The NCSC alert states: “Ransomware attacks can have a devastating impact on organisations, with victims requiring a significant amount of recovery time to re-enable critical services. These events can also be high-profile in nature, with wide public and media interest.

“In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to Covid-19 testing.”

Many of the recent attacks have targeted remote access systems, such as remote desktop protocol (RDP) and virtual private networks (VPN). They exploit weak passwords, lack of multi-factor authentication (MFA), and unpatched vulnerabilities in software.

RDP, which enables employees to access their office desktop computers or servers from another device over the internet, remains the most common attack point to gain access to networks.

Other targets include VPN vulnerabilities. The NCSC states: “The shift towards remote learning over the past year has meant that many organisations have rapidly deployed new networks, including VPNs and related IT infrastructure. Cyber-criminals continue to take advantage of the vulnerabilities in remote access systems.”

Elsewhere, the NCSC says that phishing emails are frequently used to deploy ransomware, while unpatched or unsecure devices are also a common entry point.

The NCSC has published advice for schools on defending their systems (2021) and also offers a number of practical resources (see below).

It adds: “The NCSC recommends that organisations implement a ‘defence in depth’ strategy to defend against malware and ransomware attacks. Your organisation should also have an incident response plan, which includes a scenario for a ransomware attack, and this should be exercised.”

Key strategies include using RDP services with multi-factor authentication, running antivirus software, and having up-to-date and offline back-ups.