top of page

Schools, colleges and universities: stay protected against ransomware

It may feel like we’re beating the same drum over and over again with our recent focus on cyber criminal activity involving the education sector, but we wouldn’t keep banging that drum without good reason.

Cyber attacks against the education sector remain a major problem. We've seen attacks on colleges, universities, primary schools and secondary schools nationwide, and here in the East Midlands.

These attacks have impacted schools in various ways, with some schools facing tougher repercussions than others, from having to delay the start of term, to huge data breaches.

Ransomware involves the use of computer viruses that threaten to delete (or release publicly) your files unless the ransom is paid (often in bitcoin). Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software, cracking weak passwords or by tricking somebody into installing it via phishing emails.

Why do criminals target the education sector?

Cybercriminals are deploying ransomware to encrypt your sensitive data, as it will have the biggest impact on your services. This can affect staff and students’ access to computer networks, as well as services including email systems, payment systems, phone applications and websites.

Every school holds valuable information just like any business; student medical records, parents contact details, bank details, exam grades and teachers’ personal information. This information is valuable to the criminals behind the attack, as they can publicly leak the data online or sell the data to cybercriminal forums and dark web marketplaces for additional revenue.

How can I protect my organisation from a ransomware attack?

  • Always back up your data, restoring files from a backup is the quickest way to regain access to your data.

  • Never click on unverified links, especially when they are from sources or senders that you don’t recognise.

  • Have your IT department regularly scan emails and systems for malware.

  • Only download files from trusted sites - this includes applications for phones and tablets.

  • If you are using public Wi-Fi, always use a VPN.

  • Do not plug in unfamiliar USB devices.

How can the East Midlands Cyber Resilience Centre help my school?

To help the education sector outsmart cybercriminals and toughen up your cyber security, we can provide businesses and organisations with guidance to help improve cyber resilience.

We encourage schools, colleges and universities in the East Midlands to sign up to our community and to download practical resources and tools that will help you identify your risks and vulnerabilities.

Through our community, you will also get regular updates on new threats, and you can train your staff to integrate security measures into your organisation via Security Awareness Training - an affordable service that trains staff to become a barrier against common cyber threats.

If you have any questions about how we can help your school, college or university, please get in touch with the team.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page