Fourteen schools hit by ransomware attacks with highly confidential documents taken

Those schools not paying the ransom demand are seeing confidential documents on pay, SEN and passports leaked online.

Posted 24 January 2023 by Christine Horton

Fourteen schools in the UK have been hit by a ransomware attack which has targeted highly sensitive information. The cybercriminal gang called the Vice Society is behind the attacks and has also targeted schools in the US, where it stole 500 gigabytes of data from the entire Los Angeles Unified School District.

The fourteen schools targeted are spread across the UK, pointing to a widespread attack and to more educational establishments which have been victims but are yet to be identified. The targeting of schools fits into the escalation from cybercriminals over the past couple of years. During the height of lockdown, there was a discernible increase in ransomware attacks against public sector organisations and those groups researching a vaccine. Now cyber gangs are targeting children and schools, and it is something that will continue throughout the next twelve months.

In at least one case, cybercriminals gained access to systems, which impacted teaching materials that relied on Microsoft Teams. Data was then taken and, when the gang was not paid, it was released onto the dark web. Although the schools have successfully restored systems, the key now is to ensure that the vulnerability that let the cybercriminal gang in in the first place is identified and closed. Indeed, the healthcare, public sector and education sectors are likely to be increasingly targeted over the coming months. This is because of the nature of the data they hold, but also because their focus is almost entirely on frontline services, and so their IT departments are often understaffed and without the needed level of expertise, according to AJ Thompson, CCO at Northdoor plc.

“Fourteen UK schools being confirmed as victims of ransomware and their data being spread all over the dark web is a disturbing and yet sadly not unexpected escalation in the tactics and targets of cybercriminals.

“The nature of the data held by education, healthcare and other public sector organisations makes them particularly tempting targets for cybercriminals. Equally, these organisations have smaller budgets and IT teams than large enterprises which potentially leaves them more vulnerable to attack.

“However, with a few relatively simple steps organisations can better protect themselves from attack and protect the sensitive data that they hold. One of the first steps is to ensure that cybercriminals cannot get their hands on the data in the first place. Encrypting data and holding it in data silos, stored separately from back-up data centres, means that even if a breach is successful cyber gangs would still not be able to identify and grab the most sensitive data. Equally, organisations need to have a better understanding of what data they hold, where the most sensitive resides and what out-of-date data can be removed. Too often data is held onto and forgotten, lying at the mercy of cybercriminals.

“The danger for these sectors in 2023 is that with a background of budget cuts on already stretched resources, cybersecurity might be further weakened, or at the very least, not strengthened to the necessary levels. We would urge education facilities and others in the public sector to place more priority on cybersecurity. The threat from these gangs is increasing in regularity and sophistication. With organisations focusing on front-line services they must look to third-party support.

“We have been working with many in the sector to help boost their internal teams, implement and update appropriate solutions and provide expertise to help protect sensitive data and keep the cybercriminal out. I fear that these fourteen schools might just be the tip of the iceberg and without more in the sector ensuring cybersecurity is a higher priority we will see more of these incidents in the coming months,” said Thompson.