IT Systems Encrypted After UK School Hit By Ransomware
A spate of cyber-attacks against UK schools has claimed its latest victim after a Maidstone secondary school suffered a serious security breach late last week.
The Church of England St Augustine Academy in the Kent commuter town serves over 750 students in the local community.
Headteacher, Jason Feldwick, warned parents via Facebook that the school’s email systems and telephone lines are down and that data had been encrypted by an “outside criminal organisation,” according to local reports.
It’s unclear if data was also stolen, but it would seem likely given that the encryption payload is usually deployed last by ransomware actors, after monetizable information is exfiltrated from targeted systems.
The external WisePay payment system remains secure, but Feldwick reportedly urged anxious parents to be extra vigilant in case they receive “unusual emails or phone calls” following the incident.
Fraudsters who obtain any compromised data will be looking to use it in targeted phishing attacks designed to harvest yet more monetizable information and/or commit identity fraud.
Matt Aldridge, principal solutions consultant at OpenText Cybersecurity, urged all UK schools to sign up to the National Cyber Security Centre’s free Web Check and Mail Check services, in order to identify common browser-based vulnerabilities and enhance email security.
“To improve cyber-resilience, organizations from every sector must put processes in place to ensure they keep sensitive data secure – and perform regular risk reviews. This includes investing in backup tools to minimize the risk of data loss and strengthening cybersecurity awareness among staff and educating pupils on the risks and how to avoid attacks,” he added.
“Security awareness training materials need to be engaging and regularly updated to reflect the latest threat trends, and regular simulations should be run to ensure that the training is effective.”
The attack on St Augustine Academy is the latest in a string of school breaches at and just before the start of the new academic year in the UK.
Publicly reported victims over the past week include Debenham High School in Suffolk, Reading-based Maiden Erlegh Trust and Highgate Wood School in Crouch End.