top of page

Isle of Wight schools and colleges hit by ransomware attack

A ransomware attack will have "significant implications" on some primary schools and colleges on the Isle of Wight as they may be forced to delay the start of next term.

Colleges and schools on the island have had their data encrypted after the organisation that oversees them suffered the attack. Websites for Medina College, Carisbrooke College, the Island Sixth Form, and the Isle of Wight of Education Federation have been offline for almost a week.

The Isle of Wight of Education Federation, which oversees three schools, said its IT systems were compromised between 28 and 29 July.

The new school term is of course due to start next month, but there are now serious concerns that the term will be delayed.

"We are working with officers from the police cyber crime unit to pursue the cyber criminals and understand the full impact of the attack," the federation said. "There are obviously some significant implications of this, which we are managing and will take measures to secure our systems even further in the future.

"We are working with the local Police and Authority, Department for Education, Cyber support and various ICT system providers to move this forward and ensure that necessary and appropriate systems are in place for the new academic year."

Ransomware attacks are not uncommon in the education sector. In fact, throughout the 2020/21 academic year, similar incidents have affected universities in Newcastle, Northampton, Kent and London.

However, this latest attack comes out of term time, which may suggest that the attack is targeted, according to ESET security specialist Jake Moore.

"It dramatically highlights the importance of having the correct and robust backup measures in place regardless of how much it costs to make it strong enough to withstand a standard attack," Moore told www-itpro-co-uk. "Councils, schools, and other local government agencies often lack funding and consequently may not have the strongest network protection which makes them soft targets for those looking to exploit any weaknesses.

"However, due to very rarely ever paying ransom demands, it is likely that the very fact they often have weaker security means they are unintentionally caught up in a net of ransomware."

This attack - and the fact that other schools, colleges and universities have also come under attack - is once again proof that any organisation can be targeted by attackers. Hackers care little about what ripple effect their activity may have on children’s education.

Earlier in the year we ran two webinars about how schools and colleges can prepare and make changes to their IT systems to mitigate the effects of a ransomware attack. We’re looking to host more of these webinars in the autumn as we realise the risk posed to the sector.

For information on ransomware and to find out how to better protect your business from an attack, refer to our blog: Ransomware: What you NEED to know



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page