Font Size: A A A


Ransomware attacks on the UK education sector

The UK official National Cyber Security Centre (NCSC) says that it’s investigating another increase in ransomware attacks against schools, colleges and universities in the UK.

The NCSC emphasises again the need for the sector to protect networks to prevent ransomware attacks. The NCSC urges all to follow guidance on ‘Mitigating malware and ransomware.’ This was updated in March and details steps to take to disrupt ransomware attack vectors and enable effective recovery from ransomware attacks.

The NCSC is also encouraging the sector to sign up to an Early Warning service. This free service uses a range of information feeds to notify of malicious activity on submitted domains and IPs. Visit

About ransomware

As the NCSC says, ransomware is a type of malware that prevents you from accessing your systems or the data held on them. Typically, the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible.

Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. They will typically use an anonymous email address (for example ProtonMail) to make contact and will request payment in the form of a cryptocurrency.

More recently, there has been a trend for cyber criminals to also threaten to release sensitive data stolen from the network during the attack, if the ransom is not paid, the NCSC adds.

For a related NCSC blog post on ransomware: What board members should know and what they should be asking their technical experts, click here.


Terry Greer-King, VP EMEA of cyber firm SonicWall, says: “Ransomware attackers have identified universities’ vulnerabilities as providing something valuable as well as information that is readily exportable. Hackers can not only disable networks, but they can also thoroughly infiltrate the systems and access any data to use as a lever. If a hacker gains access to credentials, intellectual property or research in an environment where multi-factor authentication is not used, the hacker may access an organisation’s records, bypassing security altogether.”


Related News