As of late May/June 2021, the NCSC is investigating another increase in ransomware attacks against schools, colleges and universities in the UK.

As of late May/June 2021, the NCSC is investigating another increase in ransomware attacks against schools, colleges and universities in the UK.

Ransomware gangs are now routinely targeting schools and hospitals. Hackers use malicious software to scramble and steal an organisation’s computer data. The UK’s National Cyber Security Centre, also a member of the Ransomware Task Force says it handled more than three times as many ransomware incidents in 2020 than in the previous year.

Lindy Cameron, the head of the National Cyber Security Centre (NCSC), will say that the organisation – the cybersecurity arm of spy agency GCHQ – is committed to tackling the threat of ransomware and “supports victims of ransomware every day” but that a coordinated response is required to combat the growing threat. While state-sponsored hacking campaigns pose a “malicious strategic threat to the UK’s national interests”, it’s cybercrime – and in particular ransomware – which has become the biggest threat.

The NCSC continues to respond to an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges, and universities. This report details recent trends observed in ransomware attacks on the UK education sector. This encompasses trends observed during August and September 2020, as well as the more recent attacks since February 2021. It also provides mitigation advice to help protect this sector from attack. This alert is designed to be read by those responsible for IT and Data Protection at education establishments within the UK. Where these services are outsourced, you should discuss this Alert with your IT providers. It is also important that senior leaders understand the nature of the threat and the potential for ransomware to cause considerable damage to their institutions in terms of lost data and access to critical services.

Ransomware is a form of cyber attack which locks files and data on a user’s computer and demands payment in order for them to be released back to the owner and has been used as part of a number of high-profile cyber attacks in recent years, including the 2017 attack on the NHS.

Ms Cameron warned that cybercriminals are becoming increasingly sophisticated in their use of ransomware, and the UK must continue to improve its response. Ransomware has historically been the preserve of high-end cybercrime groups with access to advanced technical skills and capabilities based in overseas jurisdictions who turn a blind eye, or otherwise fail to act, or fail to pursue these groups,” she said.

“But the ecosystem is evolving through what we call Ransomware as a Service, (RaaS); and the as a service business model, where ransomware variants and commodity listings such as listed credentials, are available off the shelf for a one-off payment or a share of the profits.

 Ransomware isn’t just a problem for the UK alone and Cameron urged the importance of working with other countries to tackle what’s truly an international problem.