Harris Federation runs 50 schools across London, warns of “significant impact” after it fell to a ransomware attack – just days after an NCSC alert on attacks.
A ransomware attack has affected IT systems at 50 schools across London, leaving about 37,000 pupils without access to their emails or any school-issued devices.
The Harris Federation, which runs 50 primary and secondary schools in London and Essex, fell victim to a ransomware attack on Saturday, 27th March. After just a few days, the National Cyber Security Centre (NCSC) alerted the school, colleges, and universities about the “growing threat” of cybercriminals targeting education with ransomware.
Harris Federation has revealed that cybercriminals accessed IT systems and encrypted data with an undisclosed form of ransomware.
In a statement, Harris Federation said ransomware attacks would have a significant impact and that as a precaution, the email system has been disabled. The school phone services, which also run via the internet, have also been disabled, aside from some minimal switchboard services.
Students with issued devices can’t currently use them as they have been disabled as a precaution.
The school has brought in a specialized firm of cyber technology consultants to investigate the ransomware attack’s exact details. It is also working with the National Crime Agency (NCA) and NCSC. “We are at least the fourth multi-academy trust to have been targeted in March,” it said.
Harris Federation hasn’t provided details regarding the exact nature of the information accessed and encrypted by cybercriminals. Still, he says it recognizes that school pupils’ families will have “individual concerns around data.”
Harris Federation is the newest member in a string of schools, colleges, and universities that ransomware attacks have disrupted.
To help protect against ransomware attacks, the NCSC recommends that organizations have an adequate strategy for vulnerability management and implementing security patches, ensure that remote online services are secured with multi-factor authentication, and anti-virus software is installed and enabled.
It’s also recommended that organizations have up-to-date and tested offline backups. If a ransomware attack takes down the network, it can be restored without the need to give in to criminals’ extortion demands.
