A UK high school will have to close for at least two days, today and tomorrow, after becoming the latest public-sector victim of ransomware criminals.
Blacon High School in the historic city of Chester, in north west England, said yesterday the attack hit on January 17, and didn’t rule out having to shut its doors to students for additional days this week.
Students have not been given the day off, however. Teachers set work for them to complete on Google Classroom over the two days, although they can still visit the school to collect lunch.
No ransomware crew has claimed responsibility for the attack at the time of writing, and the school is unwilling to comment on whether any data was compromised as a result of the incident.
“We have an independent cybersecurity company working in school to understand exactly what has happened,” headteacher Rachel Hudson said in a statement. “Until this is completed, I will not be able to provide any further details on any potential data breach.”
Many of the school’s IT systems are down, although Hudson said senior staff are working to create systems that will enable operations to continue.
Phone lines are also down, but a temporary number has been established if needed, and additional communication about the incident will be posted to the school’s website and social media pages. Parents will also be contacted directly through the Parent Pay platform.
“I will update you as soon as we know more and will aim to open once again to students as soon as we can,” Hudson said. “In the meantime, I ask for your support in helping students to complete work at home, especially for Year 11. Thank you for your patience and understanding at this time.”
The attack on Blacon High School is the second major ransomware attack on the UK’s public sector in a week after the Medusa gang hit Gateshead Council two days earlier on January 15.
Unlike with the school, the criminals behind the council attack wasted no time in plastering their data leak site with stolen data. Medusa posted 31 pages and screenshots of stolen files, revealing personally identifiable information (PII) belonging to council residents and staff.
It also set a $600,000 ransom demand for the “deletion” of the council’s data. Although cybercriminals typically make promises such as these, the prevailing belief among experts is that they are rarely honored.
Hudson said: “Unfortunately, cyberattacks like this are happening more frequently despite having the latest security measures in place. This has sadly been experienced by the NHS, National Rail, other public sector departments, and schools.”
The NHS was battered by ransomware last year. The attack on pathology services provider Synnovis over summer caused the most disruption, affecting thousands of appointments and procedures at major London hospitals.
Then, in late November, INC Ransom pounced on Liverpool’s Alder Hey – northern England’s premier children’s hospital – days after an unconnected strike on neighboring NHS hospitals in Wirral.
The news in Blacon also came in the same week as the UK government officially considering a total ban on ransom payments made by public sector and critical national infrastructure (CNI) organizations.
It’s one of three proposals being explored over the next 11 weeks. Another approach being examined is to take the public sector ban a step further and require the biggest private sector organizations to apply for a payment license from the government.
The details are still being fleshed out but given the UK’s close political ties to Australia, which recently adopted a similar rule in its Cyber Security Act, the UK may take after its Oceanic cousin and apply the rule to companies that meet a revenue threshold.
Public sector IT overhaul
While Blacon High School hasn’t detailed the root cause of the ransomware attack, UK public sector organizations don’t genrally have the same financial muscle as commercial businesses to spend on cyber defenses.
The government plans to release a report on January 21 outlining the impact of archaic technology on the public sector. The report will examine matters such as productivity and public satisfaction with services, but also how outdated tech is contributing to the growing threat of cyberattacks.
The technology used by central government alone was found to be outdated in around 25 percent of cases, on average, while the worst cases saw this rise to 70 percent. The report will also say that a growing number of these antiquated systems are “red-rated” for security risk. For the UK’s perpetually underfunded state schools, the position of security is likely to be worse.
Jake Moore, global cybersecurity advisor at ESET, said “Schools and other local government agencies often lack funding and consequently may not have the best protection for their systems which makes them soft targets.
“Schools frequently suffer from a lack in funding which can result in weaker network protection and the use of older systems, inadvertently making them susceptible to multiple cyberattacks.
He added: “There are now endless examples of educational systems and councils being struck in similar attacks and often there can be weeks of disruption which causes a knock-on effect to the wider community.”
Following the publication of the government’s report on archaic tech tomorrow, sweeping reforms are expected to be announced, with the implementation of these led by the Government Digital Service (GDS), which is set to be given more powers. ®