Search

How schools are losing GCSE coursework in cyber attacks

A growing number of schools, colleges and universities have been hit by ransomware attacks over the past year.

The UK education sector has seen a rise in ransomware attacks.

Imagine losing someone's coursework. You know the student has poured hours and hours into it and then suddenly, it's gone.


Imagine the guilt you'd feel. Imagine having to tell the person. It'd be hard enough if you were the person's friend or relative, but what if you were the student's teacher and you were having to explain the school had lost it?


You may think that wouldn't happen but sadly it does - and it's because of ransomware attacks. In the context of schools, such attacks involve hackers demanding a ransom for the return of computer files - such as GCSE coursework - which they encrypted in a cyber attack.

Boost your cyber resilience with our FREE membership option

Last year, the National Cyber Security Centre (NCSC) issued a new cyber security alert to the UK’s education sector as schools, colleges and universities reeled from a spate of ransomware attacks.


The NCSC said it had recorded a rise in attacks – including, notably, a ransomware attack on the University of Newcastle – as cyber criminals turned their attention to institutions that were rather more focused on getting students back into learning environments safely following months of disruption.


Shortly before the alert was issued, more than 20 universities and charities in the UK, US and Canada confirmed they had been victims of a cyber attack that compromised a software supplier. Blackbaud was held to ransom by hackers in May and paid an undisclosed ransom to cyber criminals.


Although some UK schools, colleges and universities have managed to recover data without paying out any ransom, others have sadly been forced to meet such demands.


With the education sector again distracted by the challenges of another national lockdown amid the COVID-19 pandemic, there are concerns ransomware attacks will continue to rise in 2021.


As such, the East Midlands Cyber Resilience Centre will be staging a webinar next week to raise awareness of the growing ransomware threat.


The webinar - on Wednesday, 13th January at 10am - will help education leaders understand the current threats and how to mitigate risk.


We'll hear from Detective Inspector Matt Carson, Police lead of the EMCRC, and Richard Heysmond, of East Midlands Special Operations Unit, before hearing from cyber security experts at our national partners Arcserve, who will discuss a ransomware attack on a Derbyshire-based Academy Trust.


To register for the webinar, click here.


Last year, the results of 134 Freedom of Information queries published by PR agency Topline Communications highlighted the scale of the ransomware threat to academia. The agency found that of 105 UK universities that responded, 33% said they had been subject to a ransomware attack in the past decade, and 45% declined to answer the question, suggesting the true figure may be much higher.


Sheffield Hallam and City, University of London stood out in the data, reporting 42 attacks since 2013 and seven since 2014, respectively.


Read more: Boost your cyber resilience with our staff training

The contents of this blog provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.