InfoSec / Cyber

Cyber Attack: Wiltshire School

Cyber Attack: Wiltshire School

A Wiltshire secondary school has been severely affected by a targeted attack by hackers who demanded a ransom to restore access to its IT network.  The attack affected the school's local server, its website, internet access, Wi-Fi, printers and internal phone systems.

A full report can be read here: https://www.gazetteandherald.co.uk/news/23476464.hacker-demands-ransom-taking-control-wiltshire-schools/

The school's website was still down several days later.  An update a few days later was published here: https://www.gazetteandherald.co.uk/news/23484633.hardenhuish-school-cyber-attack-update-hackers-demand-ransom/

In the BBC report cyber expert, Prof Alan Woodward, from the University of Surrey, said schools are a "soft target". 

"IT is not their core business, they don't have big IT teams, and if they're all using standard software and a vulnerability is found in it, then the criminals will quite quickly realise that.

"The advice is never to pay. It sounds like a quick way out, but the prices are extortionate, and you're painting a big target on your back.

"Hackers sell what they call 'suckers lists' on the dark web, where they say 'these people will pay up', and often it can lead to further attacks," he added.

The full BBC Report can be found here: https://www.bbc.co.uk/news/uk-england-wiltshire-65411450

View our Information & Cyber Security Best Practice Library for cyber help and guidance.

Download our Business Continuity Template.

What to do in the event of a cyber attack?

Tell someone!  Report to IT. Report to SLT. 

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack we would recommend reporting this to Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss.  Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.

Isolate the infected device and pass to IT 

Always ensure there are backups you can restore from.

Little Guide to ACTION FRAUD

 

Search