The UK’s Isle of Wight Education Federation and six schools were hit by a ransomware attack during which attackers encrypted their data. Officials fear this could delay the start of the new term.
The cyberattack that hit the Isle of Wight’s education federation took place between July 28 and 29. The attackers gained access to the schools’ data. It was not reported whether the attackers demanded a ransom, and no other details about the incident were shared at this time.
All six schools’ websites were knocked offline on Friday and still aren’t accessible. The impacted schools include Carisbrooke College, Island 6th Form, Hunnyhill Primary, Medina College, Barton Primary, and Lanesend Primary.
As the restoration will likely take weeks if not months, the schools are expected to experience delays with the new term:
“As you can imagine, the team now have hours, days, and months of work ahead of them to recreate the information that has been lost. In order to assist with this painstaking process, the Trustees have approved the school to close for 3 extra days at the end of the summer holidays. This means the children will not be returning to school until Monday 6th September 2021. We ask that you are patient with the team during this period,” a spokesperson for the school said.
The education federation said it is working with the authorities and third-party cybersecurity experts to investigate the attack.
“We are working with the local Police and Authority, Department for Education, Cyber support and various ICT system providers to move this forward and ensure that necessary and appropriate systems are in place for the new academic year,” a spokesperson said.
Recently, a few other UK universities and schools on Anglesey were hit by ransomware attacks in June, and Newcastle University was hit last year. Other victims included 24 schools of the Castle School Education Trust and Harris Federation.
As ransomware gangs have been largely non-discriminatory, they hit healthcare organizations, one of them was the Irish health service which is still recovering from a major ransomware incident in May that resulted in patients’ details being leaked on the dark web.
The rise of ransomware led the UK government to issue the first-ever warning for nurseries.
Threat actors often attack education institutions because they see them as a soft targets. Addressing the human security behaviors that can lead to these types of attacks is an effective way to minimize the risk.