UK National Cyber Security Centre Warns of Surge in Ransomware Attacks Targeting Education Institutions


The UK National Cyber Security Centre (NCSC) has issued an alert to the academic sector regarding a surge in ransomware attacks targeting education institutions since the beginning of the school year.

According to the British cybersecurity agency, the number of ransomware attacks on the UK’s education sector has increased considerably since August 2020, with Newcastle University among the latest victims targeted by cybercriminals.

“This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible,” Paul Chichester, the NCSC Director of Operations, said. “While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted.”

The alert not only provides details on the most recent ransomware trends but also includes mitigation steps to protect schools, colleges and universities from such attacks. Education institutions are advised to regularly back up their data and develop an incident response plan in case of an attack.

“With institutions either welcoming pupils and students back for a new term, or preparing to do so, the NCSC’s alert urges them to take immediate steps such as ensuring data is backed up and also stored on copies offline,” the alert reads. “They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks, and to develop an incident response plan which they regularly test.”

The notification also lists remote desktop protocol (RDP), vulnerable software and hardware, and phishing emails as the most common infection vectors used in these attacks.

The NCSC advisory recommends that organizations implement the following strategies to help prevent ransomware and malware attacks:

• Ensure effective vulnerability management and patching procedures
• Secure RDP services with two-factor or multi-factor authentication
• Install local security solutions
• Implement anti-phishing mechanisms
• Disable or constrain scripting environments and macros