When you hear the word 'ransomware' you expect a story of banks, insurance companies or big business that has been infected with malware by someone on the dark web out for financial gain. You don't expect tales of cancelled parents' evenings yet this is what happened at Ely College on March 15. Covid testing was suspended for 24 hours while systems were down, and the school also had to delay the deadline for Year 8 options.
A new term is entering our vocabulary, alongside such words as spyware, phishing and Trojan horse. 'Threat actors' are defined by Wikipedia as: ' A threat actor or malicious actor is a person or entity responsible for an event or incident that impacts, or has the potential to impact, the safety or security of another entity. Most often, the term is used to describe individuals and groups that perform malicious acts against organizations of various types and sizes.'
Ransomware attackers demand payment by moving laterally across an organisation’s infrastructure and locking up or downloading as much data as they can get. Imagine losing coursework results, personal data about pupils and financial records for a whole academy.
Both public and private sector institutions have reported an uptake in cyber-incidents, especially ransomware. This has been to the extent that the NCSC (National Cyber Security Council) has issued a warning for schools, colleges and universities to stay alert and secure their data.
Why is the education sector especially at risk of ransomware?
Attacks on educational institutions are becoming more common. In 2020 alone, ransomware attacks on the education sector saw a 9% increase. This is partly because remote learning skyrocketed with the shift to digital caused by the COVID-19 pandemic and learning from home increased the number of unsecured and unmonitored mobile devices and networks. Students, educators and administrators are often using personal devices, like tablets and Chromebooks, that are connected to their home Wi-Fi. This means educational institutions no longer have a good understanding of who or what’s accessing their infrastructure and this has opened up new opportunities for threat actors to deploy attacks. Also many schools do not spend enough on cyber-security.