Education Sector Hit By New Ransomware Surge

Published on June 8, 2021
Image Credit: [Unsplash]

The UK Cybersecurity authority recently updated its guidance on ransomware. This comes after a wave of attacks on the country’s education sector.

GCHQ, which is a spin-off of NCSC (National Cyber Security Centre)  announced that it was launching an investigation into another sharp rise in ransomware threats that have been targeting schools and  universities.

Ransomware attacks can have a devastating impact on organizations, with victims requiring a significant amount of recovery time to reinstate critical services. These events can also be high profile in nature, with wide public and media interest. In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records as well as data relating to COVID-19 testing.


Recent attacks have targeted networks via RDP (Remote Desktop Protocol) and VPN (Virtual Private Network) endpoints. They did so by exploiting unpatched vulnerabilities and weak passwords. Other methods used to attempt to gain access to these systems are phishing emails and other unpatched systems like Microsoft Exchange Server.

Researchers have seen a lot of attempts to sabotage backup and auditing devices recently. These are attempts to make the data recovery process more difficult. Attackers have been trying to encrypt entire virtual servers and are using scripting environments like PowerShell to deploy tooling and malware.

The University of Hertfordshire and the University of Portsmouth  both suffered network outages in April. These were related to the most recent ransomware attacks on the sector.

Even the Harris Federation, which manages 50 primary and secondary academies in the London area, was hit by a ransomware attack back in March. That attack impacted nearly 40,000 students.

The NCSC’s new updated report recommends a defense approach when it comes to protection. This includes MFA (Multi-Factor Authentication, anti-virus software, quick patching, and the disabling of macros and scripting environments that help hackers do their thing.

Enjoyed this video?
"No Thanks. Please Close This Box!"