Growing threat to the education sector posed by cybercrime and ransomware

Yesterday evening (29 Mar), it was revealed that a ransomware attack on the Harris Federation, affecting 50 primary and secondary academies in London, has left 37,000 pupils unable to access their email.

This comes one week after the National Cyber Security Centre announced a rise in this kind of attacks against the education sector, currently a hot target for cyber crime alongside remote learning and the hectic return to school.

The NCSC has been investigating an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges and universities. Even nurseries and childminders are being warned of the threat of cyber-attacks, in guidance from the government’s National Cyber Security Centre (NCSC).

Scottish Qualifications Authority, SQA ( (@SQAnews), the national awarding body for schools, colleges and Universities in Scotland, was hit by a total of 862,617 malicious emails between December 2020 and the end of February 2021, according to data revealed under Freedom of Information act (FOI) legislation and released by a Parliament Street Think Tank.

The SQA recorded the most attacks in January 2021, where they were targeted by 360,038 malicious email. In February 2021 they were targeted by 291,593 emails, and in December 2020, they were targeted by a comparatively low 210,986 emails.

In its response to the FOI request, the SQA included a breakdown of the types of attacks facing them. It revealed a staggering 99 per cent of all attacks (840,197) were made up of spam attacks; otherwise defined as unsolicited digital messages containing marketing communication, or malicious content.

The SQA also recorded 22,291 cases of phishing attacks over the observed three month period – broken down by 5,413 in December, 9,747 in January and 7,131 in February.

Finally, there were 129 reports of malware attacks – 64 in December, 24 in January and 41 in February.

Chris Ross – SVP Sales, International – Barracuda comments:

“Since the government-mandated closure of schools and introduction of widespread remote learning, institutions and organisations in the education sector have been marked out as hot targets for cyber crime activity, with the attackers in question looking to target sensitive data such as payment information, email addresses, and personal details like names and contact details to sell for money on the black market, or use in future scam attempts. Ransomware attacks are also disproportionately targeting education institutions in this current climate, as scammers attempt to steal or restrict access to invaluable course work or projects, which they offer to return for a fee.”

“Schools, Universities and other organisations in the education sector must combat the threat posed by phishing attacks by investing in email security that leverages artificial intelligence, as well as training for employees, staff and students. Defending against ransomware attacks also requires these organisations to invest in third-party cloud backup software solutions, so that lost or stolen data can safely be retrieved without having to concede to a ransom threat.”

Adam Bangle, VP EMEA at BlackBerry, has put together his thoughts on the attack, the wider threat to the education sector and the importance of a comprehensive response from governments:

“The news of the attack on the Harris Federation comes on the heels of last week’s warning from the NCSC of the growing threat to the education sector posed by cybercrime and ransomware in particular. During this pandemic, we have seen a nearly 600% rise in malicious attacks worldwide targeting schools and universities, offices, government departments and hospitals. This reflects the growing number and sophistication of cyberattacks and ransomware over the last year, as shown in our latest 2021 Threat Report.   

“To ensure the continuity of education, especially in the context of remote learning, we encourage the government to consider the impact on individuals’ wellbeing and ensure security, productivity and user experience. If these devices become infected with a virus or malware, they can expose sensitive personal information that students share during the learning process. 

“This should be an alarm bell for the public sector, a demonstration of the need to secure each and every endpoint. Even the smallest chink in the nations digital armour could spell disaster.”

Rufus Grig, CSO at Maintel said: 

“This latest ransomware attack should act as a reminder to schools that they remain a strong target for hackers, due to the large amount of high-value personal and financial data they own. Despite the easing of lockdown restrictions, with many students returning to schools, some students are still shielding and will have to connect remotely. With that in mind, schools will need to tighten up on their cybersecurity protection as cyberattacks will become increasingly common and hackers have no regard for who they attack. As IT infrastructure gradually moves to the cloud too, organisations must ensure that how they transfer data is secure and data is stored safely.

“Schools can’t promise to fight off every attack, but they can look to utilise innovative technology like AI and ML in systems, as well as potentially turning to outside help for expertise. Protecting students and their personal data must be a 24/7 job, as hackers are continuously probing and looking for weaknesses, and it only takes a single vulnerability to enable an attack. It’s not just primary and secondary education facilities that are targets, higher education must stay on its guard too. The whole sector needs to remain alert and ensure it has the right tools to fight off would-be cyber attackers.”

Simon Carter, Director at RM:

“Unfortunately, the news of another cyber-attack in a school does not come as a surprise. The NCSC has recently written to schools warning them that they’ve seen a significant increase in the number of attacks since schools prepared to re-open in February. Similarly, at RM we’ve seen a marked increase in malware infections for some of the schools that we support in recent months.

“Sadly, ransomware demands can seriously impact schools, universities and colleges, whether it’s losing access to key files and data, or being unable to teach for a period of time whilst systems are restored. 

“There are precautions that schools can take to both minimise the likelihood of such an attack, as well as to mitigate the impact. And it’s great to see that the NCSC has ramped up its support for the sector to meet the increased threat, but I’d urge schools to use all the support that’s available.

“Cyber criminals are sophisticated. Their attack methods are growing, so there are always new risks to stay aware of and potential vulnerabilities and fallibility in process and human behaviour. This means that any technology implementation should come with dedicated training on how to use it safely. It’s also vital that this training is implemented in a way that addresses the constantly changing landscape of online threats and harms. This means being proactive, actively seeking information on the latest online safety trends and concerns, and formulating planned responses on how to handle an attack, as we would do for any other incident response scenario.”